https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838767#M11446 <P>I think that it is not possible. Log entry is used to show information of layer 3 and 4 like port, protocol, ip and something like it. But you can input name for rules, but you cant shown these names on logs table.</P> Mon, 15 Apr 2019 13:35:58 GMT Jaderson Pessoa 2019-04-15T13:35:58Z https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838726#M11445 <P>Regarding Cisco ASA:</P><P>&nbsp;</P><UL><LI>Can I configure the ASA to include the firewall rule name in each log entry ?</LI><LI>Can I put any name in the rule, is there some character restrictions (as comma) ?</LI></UL><P>My aim is to include tags in rule names to filter the logs before they are indexed into a SIEM</P> Fri, 21 Feb 2020 17:02:43 GMT https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838726#M11445 alsii 2020-02-21T17:02:43Z https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838767#M11446 <P>I think that it is not possible. Log entry is used to show information of layer 3 and 4 like port, protocol, ip and something like it. But you can input name for rules, but you cant shown these names on logs table.</P> Mon, 15 Apr 2019 13:35:58 GMT https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838767#M11446 Jaderson Pessoa 2019-04-15T13:35:58Z https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838794#M11447 <P>Hi there,</P> <P>Each syslog entry relating to an ACL will include its name at the end of the string, eg&nbsp;</P> <PRE>... by access-group &lt;YOUR_ACL_NAME&gt;</PRE> <P>The naming limitations are those defined by ACLs in general [a-zA-Z0-9] and a limited subet of special characters.</P> <P>There should be enough information in a message for filtering. Exactly what are you trying to achieve?</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> <P>&nbsp;</P> Mon, 15 Apr 2019 14:12:05 GMT https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838794#M11447 Seb Rupik 2019-04-15T14:12:05Z https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838911#M11448 <P>It looks like it is only true for DENY, cf <A href="https://community.cisco.com/t5/firewalls/asa-log-entry-format/td-p/2204896" target="_self">here</A>. Do you confirm ?</P> Mon, 15 Apr 2019 17:25:58 GMT https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3838911#M11448 alsii 2019-04-15T17:25:58Z https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3839025#M11449 <P>Hi there,</P> <P>If you do not have the log option at the end of an ACE, then in the event of it being a deny ACE it will generate a code 106023 message, the format of this message contains the string <STRONG>by access-group:</STRONG> </P> <P>&nbsp;</P> <PRE>Apr 15 09:36:50: %ASA-4-106023: Deny tcp src dmz:X.X.X.30/63016 dst outside:X.X.X.8/53 <STRONG>by access-group "acl_dmz"</STRONG> [0xe3aab522, 0x0]</PRE> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs1.html#con_6482625" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs1.html#con_6482625</A></P> <P>&nbsp;</P> <P>If you specify the log option at the end of a permit or deny ACE it will log a code 106100 message, the format of which is slightly different, the ACL name is specified after the string <STRONG>access-list:</STRONG></P> <PRE>Apr 15 09:34:34 EDT: %ASA-session-5-106100: <STRONG>access-list acl_in</STRONG> permitted tcp inside/X.X.X.16(2241) -&gt; outside/X.X.X.89(2000) hit-cnt 1 first hit [0x71a87d94, 0x0]</PRE> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs1.html#con_4769049" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs1.html#con_4769049</A></P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Mon, 15 Apr 2019 21:47:38 GMT https://community.cisco.com/t5/network-security/firewall-rule-name-in-logs/m-p/3839025#M11449 Seb Rupik 2019-04-15T21:47:38Z