Cisco Support Community
New Member

ASA - Logging ACE Hits

Hi guys,

We want to enable access list logging on all Cisco firewalls. These syslog messages should be sent to a special log server ...

We want to use a policy management tool like Tufin, FireMon etc. that needs the access list logging for special reports like rule usage, optimizing rule sets etc. So we have a data collector (the policy management appliance) and a normal syslog server. The access list logs should only be sent to the appliance and all other syslog messages should be sent to the default syslog server.

Is there a possibility to configure two logging hosts on an ASA and configure the logging so that the syslog message ID for ACL logging is only sent to one of the servers?

Does anyone have experience in changing the complete ACL with more than 1000 rules on an ASA firewall to log? Can I do this with a script or is there a (global) command?


