New Member

Reg: PIX ID 106100

Below is the description for the message ID 106100,

"If you configured the log option for the access-list command, the packets matched an ACL statement. The message level depends on the level set in the access-list command (by default, the level is 6). The message indicates either the initial occurrence or the total number of occurrences during an interval. This message provides more information than message 106023, which only logs denied packets, and does not include the hit count or a configurable level."

For more information, refer to:

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924

I am trying to get the ID in the logs. For this, I need to set the "log" option for each access-list entry defined in an ACL. The problem here is that I have numerous ACLs defined, and setting the "log" option individually for each entry would be cumbersome. I would appreciate it if you guys could let me know of any other alternative approach to achieve this.

3 REPLIES
New Member

Re: Reg: PIX ID 106100

I'm guessing my initial question is this: Are you using any type of syslog for this system? The reason I ask is that would be a best practice for you. If the case is that you are not, I would suggest a trial of a free syslog product. This way, you'll be able to log everything or exclude certain IDs. Of course with that data you can then run reports on the events received.

I am unaware of a speedier way to configure specific log messages for ACLs other than using a text editor. You'd simply modify the selected ACLs and paste the entire ACL back into your firewall.
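The text-editor approach from the reply above can be scripted. This is an added example, not part of the thread: it appends `log` to every extended permit/deny entry that lacks it, placing the keyword before any trailing `time-range` or `inactive`. The function names and the sample config are constructed, and it assumes 7.x-style output where loggable entries carry the `extended` keyword.

```python
import re

# Constructed sample in the style of "show running-config access-list"
# (names and addresses are made up, not from the thread).
SAMPLE = """\
access-list outside_in remark web servers
access-list outside_in extended permit tcp any host 192.0.2.10 eq www
access-list outside_in extended deny ip any any log
access-list inside_out extended permit udp any any eq domain inactive
access-list inside_out extended permit ip any any time-range WORKHOURS
access-list split standard permit 10.1.1.0 255.255.255.0
access-list dmz_in extended deny tcp any any eq telnet log disable
"""

# Assumption: 7.x-style config where loggable entries carry "extended".
ACE = re.compile(
    r"^access-list\s+\S+\s+(?:line\s+\d+\s+)?extended\s+(?:permit|deny)\s+")
# "log" must sit before any trailing time-range / inactive keywords.
TRAILER = re.compile(r"((?:\s+time-range\s+\S+)?(?:\s+inactive)?)\s*$")


def add_log(line):
    """Return (line, changed). Only extended permit/deny entries are touched."""
    line = line.rstrip()
    m = ACE.match(line)
    if not m:
        return line, False  # remark, standard ACL, or not an ACL line
    if "log" in line[m.end():].split():
        return line, False  # already logged, or "log disable": review by hand
    t = TRAILER.search(line)
    return line[:t.start()] + " log" + t.group(1), True


def add_log_to_config(text):
    """Return (new_config, changed_lines) so the diff can be reviewed first."""
    out, changed = [], []
    for raw in text.splitlines():
        new, did = add_log(raw)
        out.append(new)
        if did:
            changed.append(new)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    config, changed = add_log_to_config(SAMPLE)
    print(config, end="")
    print(f"! {len(changed)} entries changed")
```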

New Member

Re: Reg: PIX ID 106100

Just to rephrase, to know about the policy usage, I am looking to enable the ID 106100, which would inform me about the ACL satisfied both for Permitted and Denied logs. By having this information, I can fine-tune the ACLs further.

The way you have recommended seems simple, but is there not a simpler way, not even via the UI?

Thanks in advance.

-S-

New Member

Re: Reg: PIX ID 106100

I can't answer the UI question, as I've only configured these devices through command line. I will have to defer to someone with experience with that.

But, I believe the example I'd given would suffice and would not be overly time consuming. It is obviously totally up to you with what you're comfortable doing.

Best of luck with your project.
