topic Re: Traffic Logs In ASA in Network Security

Traffic Logs In ASA

Harmeet Singh — Sun, 09 Apr 2017 10:28:35 GMT

Hi,

It may be a repeated or very simple question.

How can I see and store the traffic (Live & Historical) details that is passing my ASA (IPs, Ports etc..)

Harmeet

Re: Traffic Logs In ASA

usman ali dar — Mon, 10 Apr 2017 19:11:45 GMT

hi Harmeet,

if you have the ASA of any model you can use the following 2 methods to analyze the traffic that is passing from the ASA.

1- From- CLI

2- From -ASDM (ASA Device Manager)

3-capture traffic (only which is required)

before you move ahead, please note that firewalls usually dont have any storage space that can stored the traffic logs that is passing through it, until unless you have installed a Flash Card or USB.

1 - From CLI

from cli you execute many commands like the simple one is

show logging: will display the running traffic
show nat: will update you the translation information
show xlate: will update you the static and dynamic table
Show show conn, and show local-host conn
show proc
show asp drop

and so on the link below is the command reference guide in detail and will help you to get all the possible commands you want to execute.

2- ASDM:

from asdm it is quite easy and very informative to use. from asdm manager you can follow the following steps and can see the running traffic or live traffic or can filter the traffic as you require

after you login you will see that at the bottom of the asdm the logs are running which you can review, stop pause or start

click Monitoring from the top tab its option number 3

now on your right you will see all the ARP table learned by firewall

on left pane click logging

after you click logging, the right pane will change and you will have option to view

click view button

when you click view button, a new window will open and you will see all the logs that are currently being passed from firewall

you can use filter to search any specific information

you can create a filter to search

if you dont have any logging server then, you would require one to send your logs for proper storage and configure your security device on certain level

i hope this information will help you.

Cisco ASA 5500 Series Command Reference, 8.2 - same-security-traffic -- show asdm sessions [Cisco ASA 5500-X Series Fire…

Re: Traffic Logs In ASA

Kuat Bakenov — Wed, 19 Apr 2017 16:04:54 GMT

1. network interface utiliz - use snmp.

2. utilize "l3" - use netflow.

graph+history....

Re: Traffic Logs In ASA

Samer R. Saleem — Tue, 09 May 2017 19:42:48 GMT

if you mean the logs then you can use syslog server and configure the remote syslog on the firewall for example use kiwi syslog server

if you mean bandwidth monitor then maybe some good nms like prtg would be good, i have tried open source like cacti and its bad because its and to find templates for the ASA

also you have packet capture that you can start and then store and then open using wireshark

also you have netflow

but for what i think would be less impact on the firewall is remote syslog server with enabling trap informational

and you can buy something like manage-engine log analyzer to read your logs....

Re: Traffic Logs In ASA

#Mat — Tue, 09 May 2017 20:41:00 GMT

Hi Harmeet Singh, with these commands you will able to see all event on your ASA from CLI.

configure terminal

logging buffer-size 500000 [select your size]

logging buffered debugging [select your level]

logging enable

Then you will able to view with show logging. You can use | grep for getting filters.

Here there are two useful links for syslog:

ASA Syslog Configuration Example - Cisco

https://supportforums.cisco.com/document/73511/how-enable-syslogs-asa

Regards.-