Cisco Support Community
New Member

ASA logging to syslog

Is there any way to log my ASA syslog traffic to a syslog server and not have the "names" in the logs? I know that doesn't make much sense, so here is an example:

2009 09:42:18 BHG-FW : %ASA-4-106100: access-list BPWLAN_access_in permitted tcp BPWLAN/10.200.112.64(1253) -> inside/OBJECT-GC80NETDC(139) hit-cnt 1 first hit [0x458bc6c4, 0x2531a850]

I would like to not have the "OBJECT-GC80NETDC" to be displayed, instead I would like to have the IP address.

2 REPLIES
Silver

Re: ASA logging to syslog

The error message states that if you configured the log option for the access-list command, the packets matched an ACL statement. The message level depends on the level set in the access-list command (by default, the level is 6). The message indicates either the initial occurrence or the total number of occurrences during an interval. This message provides more information than message 106023, which only logs denied packets, and does not include the hit count or a configurable level.

When an access-list line has the log argument, it is expected that this syslog ID might be triggered because of a non-synchronized packet reaching the security appliance and being evaluated by the access-list. For example, if an ACK packet is received on the security appliance (for which no TCP connection exists in the connection table), the device might generate syslog 106100, indicating that the packet was permitted; however, the packet is later correctly dropped because of no matching connection.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

New Member

Re: ASA logging to syslog

Understand that. I think you misunderstood the question or I wasn't clear enough.

Instead of seeing the message in our syslog like:

2009 09:42:18 BHG-FW : %ASA-4-106100: access-list BPWLAN_access_in permitted tcp BPWLAN/10.200.112.64(1253) -> inside/OBJECT-GC80NETDC(139) hit-cnt 1 first hit [0x458bc6c4, 0x2531a850]

I would like to see:

2009 09:42:18 BHG-FW : %ASA-4-106100: access-list BPWLAN_access_in permitted tcp BPWLAN/10.200.112.64(1253) -> inside/10.200.80.5(139) hit-cnt 1 first hit [0x458bc6c4, 0x2531a850]

So when our network team is performing searches, they don't need to be worried about what I've called the name in the firewall.

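Added example (not from the thread or from Cisco): if the firewall keeps rendering names in 106100 messages, the searchable form the second post asks for can be produced on the syslog-collector side by reading the ASA "name <ip> <name>" statements out of a running-config export and rewriting each interface/NAME(port) token back to interface/IP(port). The only mapping taken from the thread is OBJECT-GC80NETDC -> 10.200.80.5 (the address the poster wants to see); the other name statements and the extra syslog lines below are constructed, and the regexes assume the interface/host(port) layout shown in the quoted message.

```python
import ipaddress
import re

# Constructed sample of ASA "name" statements as they appear in a running-config
# ("name <ip> <name> [description ...]"). The OBJECT-GC80NETDC -> 10.200.80.5 pair
# is the one implied by the thread; the other two entries are made up.
ASA_NAME_LINES = """\
name 10.200.80.5 OBJECT-GC80NETDC
name 10.200.80.6 OBJECT-GC80NETDC2 description second domain controller
name 10.200.112.64 WLAN-CLIENT-64
"""

# Sample 106100 lines: the first is the one quoted in the thread, the other two
# are constructed to exercise a name on the source side and a line with no names.
SAMPLE_SYSLOG = [
    "2009 09:42:18 BHG-FW : %ASA-4-106100: access-list BPWLAN_access_in permitted tcp "
    "BPWLAN/10.200.112.64(1253) -> inside/OBJECT-GC80NETDC(139) hit-cnt 1 first hit "
    "[0x458bc6c4, 0x2531a850]",
    "2009 09:42:19 BHG-FW : %ASA-4-106100: access-list BPWLAN_access_in permitted tcp "
    "BPWLAN/WLAN-CLIENT-64(1254) -> inside/OBJECT-GC80NETDC2(445) hit-cnt 3 300-second interval "
    "[0x458bc6c4, 0x2531a850]",
    "2009 09:42:20 BHG-FW : %ASA-4-106100: access-list BPWLAN_access_in denied udp "
    "BPWLAN/10.200.112.70(5000) -> inside/10.200.80.9(53) hit-cnt 1 first hit "
    "[0x00000001, 0x00000002]",
]

NAME_LINE_RE = re.compile(r"^name\s+(\S+)\s+(\S+)")
# An endpoint in 106100 is rendered as interface/host(port); host is either an
# address or an ASA name. Names cannot contain '/', '(' or ')', so this is unambiguous.
ENDPOINT_RE = re.compile(r"(?P<iface>[^\s/]+)/(?P<host>[^\s/()]+)\((?P<port>\d+)\)")


def parse_name_table(config_text):
    """Return {name: ip} from the 'name' statements in an ASA config dump."""
    table = {}
    for line in config_text.splitlines():
        m = NAME_LINE_RE.match(line.strip())
        if m:
            ip, name = m.group(1), m.group(2)
            ipaddress.ip_address(ip)  # refuse to load a malformed mapping silently
            table[name] = ip
    return table


def is_address(host):
    """True if host parses as an IPv4/IPv6 address rather than an ASA name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def resolve_names(line, table):
    """Rewrite every interface/NAME(port) token to interface/IP(port); unknown names stay."""
    def repl(m):
        host = table.get(m.group("host"), m.group("host"))
        return f"{m.group('iface')}/{host}({m.group('port')})"
    return ENDPOINT_RE.sub(repl, line)


def unresolved_names(line):
    """Hosts in the line that are still symbolic names (stale or missing 'name' entries)."""
    return [m.group("host") for m in ENDPOINT_RE.finditer(line) if not is_address(m.group("host"))]


def normalize(lines, table):
    """Resolve all lines and report the names the table could not map."""
    out, leftovers = [], set()
    for line in lines:
        fixed = resolve_names(line, table)
        leftovers.update(unresolved_names(fixed))
        out.append(fixed)
    return out, sorted(leftovers)


if __name__ == "__main__":
    names = parse_name_table(ASA_NAME_LINES)
    resolved, missing = normalize(SAMPLE_SYSLOG, names)
    for entry in resolved:
        print(entry)
    if missing:
        print("WARNING: names not in table:", ", ".join(missing))
```

The check a practitioner wants here is the second return value of normalize(): if the config export is older than the firewall's current name statements, the rewritten logs still contain names, and searches by address silently miss them. Re-export the config whenever that list is non-empty rather than treating the leftover names as noise.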