https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993704#M149358 <P>Hi,</P> <P></P> <P>You can check the <G class="gr_ gr_76 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" id="76" data-gr-id="76">real time</G> logging on the ASDM for real time hits.</P> <P></P> <P>Go to the monitoring tab on the ASDM and click on logging tab.</P> <P></P> <P><G class="gr_ gr_170 gr-alert gr_gramm gr_run_anim Punctuation multiReplace" id="170" data-gr-id="170">Alternatively</G> you can use the logging keyword in the ACL statement as well:</P> <P></P> <P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_logging.html</P> <PRE class="prettyprint">hostname(config)# <B class="cBold">access-list TEST permit ip any any log</B></PRE> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Mon, 10 Oct 2016 19:59:06 GMT Aditya Ganjoo 2016-10-10T19:59:06Z https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993703#M149357 <P>Hello&nbsp;</P> <P></P> <P></P> <P>I have an access-list with permit ip any any at the bottom configured and applied to an interface. The reason I am permitting any traffic at the bottom is not to adversely affect legitimate traffic until I know the environment. When I do show access-list,&nbsp;the hit count for ip any any increments,&nbsp;but don't see the source and destination ip addresses hitting the access-list. Is this not the best way to see what is hitting the access-list?&nbsp;</P> Tue, 12 Mar 2019 08:22:37 GMT https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993703#M149357 Chekol Retta 2019-03-12T08:22:37Z https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993704#M149358 <P>Hi,</P> <P></P> <P>You can check the <G class="gr_ gr_76 gr-alert gr_spell gr_run_anim ContextualSpelling ins-del multiReplace" id="76" data-gr-id="76">real time</G> logging on the ASDM for real time hits.</P> <P></P> <P>Go to the monitoring tab on the ASDM and click on logging tab.</P> <P></P> <P><G class="gr_ gr_170 gr-alert gr_gramm gr_run_anim Punctuation multiReplace" id="170" data-gr-id="170">Alternatively</G> you can use the logging keyword in the ACL statement as well:</P> <P></P> <P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_logging.html</P> <PRE class="prettyprint">hostname(config)# <B class="cBold">access-list TEST permit ip any any log</B></PRE> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Mon, 10 Oct 2016 19:59:06 GMT https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993704#M149358 Aditya Ganjoo 2016-10-10T19:59:06Z https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993705#M149359 <P>Hi Aditya</P> <P></P> <P>Yes the ACL is configured with the log keyword at the end. I also have permit ip 10.0.0.0 255.255.0.0 10.10.0.0 255.255.0.0 log 7 and permit tcp 192.168.0.0 255.255.255.0 10.10.0.0 255.255.0.0 log configured. None of them shows the detail.&nbsp;</P> <P></P> <P></P> Mon, 10 Oct 2016 20:21:36 GMT https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993705#M149359 Chekol Retta 2016-10-10T20:21:36Z https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993706#M149360 <P>Hi,</P> <P></P> <P>Can you share the output of sh run logging ?</P> <P></P> <P>sh logging should typically show it if logging is enabled.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Tue, 11 Oct 2016 03:46:12 GMT https://community.cisco.com/t5/network-security/asa-acl-logging/m-p/2993706#M149360 Aditya Ganjoo 2016-10-11T03:46:12Z