Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
0
Helpful
3
Replies

Reg: PIX ID 106100

linker.team
Level 1
Level 1

‎03-27-2008 11:56 PM - edited ‎02-21-2020 01:57 AM

Below is the description for the message ID 106100,

"If you configured the log option for the access-list command, the packets matched an ACL statement. The message level depends on the level set in the access-list command (by default, the level is 6). The message indicates either the initial occurrance or the total number of occurrances during an interval. This message provides more information than message 106023, which only logs denied packets, and does not include the hit count or a configurable level"

For more information refer,

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924

I am trying to get the ID in the logs. For this, i need to set the "log" option for each access-list entry defined in a ACL. The problem here is that, i have numerous ACL's define and setting the "log" option individually for each entry would be cumbersome. Appreciate, if you guys can let me know any other alternative approach to achieve this.

0 Helpful
3 Replies 3

chickman
Level 1
Level 1

‎03-28-2008 07:13 AM

I'm guessing my initial question is this: Are you using any type of syslog for this system? The reason I ask is that would be a best practice for you. If the case is that you are not, I would suggest a trial of a free syslog product. This way, you'll be able to log everything or exclude certain ID's. Of course with that data you can then run reports on the events received.

I am unaware of a speedier way to configure specific log messages for ACL's other than using a text editor. You'd simply modify the selected ACL's and paste the entire ACL back into your firewall.

0 Helpful

linker.team
Level 1
Level 1
In response to chickman

‎03-31-2008 12:28 AM

Just to rephrase, to know about the policy usage, i am looking to enable the ID 106100, which would inform me about the ACL satisfied both for Permitted and Denied logs. By having this information, i can fine tune the acl's further.

The way you have recommend seems simple, but is there not a more simpler way not even via UI ?

thanks in advance.

-S-

0 Helpful

chickman
Level 1
Level 1
In response to linker.team

‎04-03-2008 04:07 PM

I can't answer the UI question, as I've only configured these devices through command line. I will have to defer to someone with experience with that.

But, I believe the example I'd given would suffice and would not be overly time consuming. It is obviously totally up to you with what you're comfortable doing.

Best of luck with your project.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card