Is there any way to, after adding access-lists and assigning them to an interface....then capture what traffic (IP address) is hitting the interface and setting off the access-list. For example setting up an access-list to deny traffic to port 80 to a public IP. Then applying the access-list to the inside interface. Once done - then see if anyone is trying to get to that public IP and port..and see what IP address they are coming from??
When the log option is specified, it generates syslog message 106100 for the access list element (ACE) to which it is applied. (Syslog message 106100 is generated for every matching permit or deny ACE flow passing through the firewall.) The first-match flow is cached. Subsequent matches increment the hit count displayed in the show access-list command (hitcnt) for the ACE, and new 106100 messages will be generated at the end of the interval defined by interval secs if the hit count for the flow is not zero.
The default ACL logging behavior (the log keyword not specified) is that if a packet is denied, then message 106023 is generated, and if a packet is permitted, then no syslog message is generated.
An optional syslog level (0 - 7) may be specified for the generated syslog messages (106100). If no level is specified, the default level is 6 (informational) for a new ACE. If the ACE already exists, then its existing log level remains unchanged.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...