Below is the description for the message ID 106100,
"If you configured the log option for the access-list command, the packets matched an ACL statement. The message level depends on the level set in the access-list command (by default, the level is 6). The message indicates either the initial occurrence or the total number of occurrences during an interval. This message provides more information than message 106023, which only logs denied packets, and does not include the hit count or a configurable level."
I am trying to get the ID in the logs. For this, I need to set the "log" option for each access-list entry defined in an ACL. The problem here is that I have numerous ACLs defined, and setting the "log" option individually for each entry would be cumbersome. I would appreciate it if you guys could let me know of any alternative approach to achieve this.
I'm guessing my initial question is this: Are you using any type of syslog for this system? The reason I ask is that it would be a best practice for you. If you are not, I would suggest a trial of a free syslog product. This way, you'll be able to log everything or exclude certain IDs. Of course, with that data you can then run reports on the events received.
I am unaware of a speedier way to configure specific log messages for ACLs other than using a text editor. You'd simply modify the selected ACLs and paste the entire ACL back into your firewall.
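The text-editor step described in the reply above can be scripted; the following is an added example, not code from the thread or from Cisco. It assumes the ACL text was copied from the running configuration with the `extended` keyword present; the sample configuration, ACL names and addresses are constructed.

```python
import re

# Constructed sample of saved ACL configuration (not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark allow web to DMZ
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-list OUTSIDE_IN extended deny ip any any log
access-list INSIDE_OUT extended permit ip 10.0.0.0 255.255.255.0 any inactive
access-list INSIDE_OUT extended permit tcp any any eq 443 time-range WORKHOURS
access-list INSIDE_OUT extended permit udp any any eq 53 log disable
access-list SPLIT standard permit 10.0.0.0 255.255.255.0
"""

# Only extended permit/deny entries take the log option; remarks and
# standard ACLs are passed through untouched.
ACE = re.compile(r"^access-list\s+\S+\s+(line\s+\d+\s+)?extended\s+(permit|deny)\s")


def add_log(line):
    """Return the ACE with the log keyword added, or the line unchanged."""
    stripped = line.rstrip()
    if not ACE.match(stripped):
        return line
    tokens = stripped.split()
    if "log" in tokens:
        # Already carries a log option (including "log disable"): leave it
        # for the operator to decide.
        return line
    # log goes before the optional trailing "time-range NAME" and "inactive".
    cut = len(tokens)
    if tokens[cut - 1] == "inactive":
        cut -= 1
    if cut >= 2 and tokens[cut - 2] == "time-range":
        cut -= 2
    return " ".join(tokens[:cut] + ["log"] + tokens[cut:])


def add_log_to_config(text):
    """Apply add_log to every line of a saved ACL configuration."""
    return "\n".join(add_log(l) for l in text.splitlines())


if __name__ == "__main__":
    # Review the output before pasting it back into the firewall.
    print(add_log_to_config(SAMPLE_CONFIG))
```

Entries that already say `log disable` are left as they are, so they still will not produce message 106100 until edited by hand.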
Just to rephrase: to know about the policy usage, I am looking to enable the ID 106100, which would inform me about the ACL satisfied both for Permitted and Denied logs. By having this information, I can fine-tune the ACLs further.
The way you have recommended seems simple, but is there not a simpler way, not even via the UI?