filtering logs in ASA firewall

secureIT · ‎12-22-2008

Hi Team,

Is there any way to send specific source and destination based traffic to my syslog server.

i want to monitore only specific traffic going through the firewall.

regards

PVK

John Blakley · ‎12-22-2008

You can set your logging level, and then selectively tell it not to send certain logs to the syslog server with:

no logging message 31057

The 31057 is the message number that will be in your ASA logs. It will still log the message in the buffer, but it won't trap it to the syslog server.

HTH,

John

*please rate all helpful posts*

HTH, John *** Please rate all useful posts ***

secureIT · ‎12-22-2008

I mean to say " I want only certain source and destination based logs only" to be logged in syslog server.

John Blakley · ‎12-22-2008

Okay, you won't be able to do this on the ASA. You'll need to filter results on source and destination on your syslog server. The ASA will log every hit from the logging level that you specify and below. You wouldn't, say, be able to create an ACL to log only hits that match it (although this would be nice).

HTH,

John

*please rate if helpful*

HTH, John *** Please rate all useful posts ***

secureIT · ‎12-23-2008

Thank John..

You meant to say in PIX/ASA firewall its not possible.