ASA Logging

mudasir05 — Tue, 12 Mar 2019 07:00:53 GMT

Dear All,

I have an ASA 5545 on which i have enabled logging,however i am not able to see logs when i take ssh session of the ASA.

However on ASDM I am able to view logs.

Thanks

Hi there,

Seb Rupik — Tue, 08 Dec 2015 08:50:07 GMT

Hi there,

What is the output of:

sh logging

My guess is that running:

sh logging asdm

...will show you what you're after.

cheers,

Seb.

Hi Mudasir,

Rishabh Seth — Tue, 08 Dec 2015 10:04:39 GMT

Hi Mudasir,

Adding to Seb's comment, refer following link to enable monitoring on ssh session:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/monitor.html#wp1065023

Thanks,

Rishabh Seth

PS: Rate if it helps and mark answer as correct if it resolves your issue.

Hi Seb,

mudasir05 — Tue, 08 Dec 2015 10:09:57 GMT

Hi Seb,

ciscoasa# sh logging
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: enabled
Console logging: level alerts, 6 messages logged
Monitor logging: level alerts, 1549817102 messages logged
Buffer logging: level alerts, 0 messages logged
Trap logging: level informational, facility 20, 1775677694 messages logged
Permit-hostdown logging: disabled
History logging: level alerts, 6 messages logged
Device ID: disabled
Mail logging: list Failover, class auth, 0 messages logged
ASDM logging: level informational, 1775677695 messages logged

=====

ciscoasa# sh logging asdm
6|Dec 08 2015 12:57:18|302013: Built outbound TCP connection 945703559 for Public:54.239.38.163/443 (54.239.38.163/443) to DMZ:192.168.3.16/34519 (10.10.10.16/34519)
6|Dec 08 2015 12:57:18|106015: Deny TCP (no connection) from 93.168.134.38/2242 to 10.10.10.16/443 flags RST on interface Public
6|Dec 08 2015 12:57:18|302014: Teardown TCP connection 945701986 for Public:93.169.169.149/1060 to DMZ:192.168.3.16/443 duration 0:00:10 bytes 11147 TCP FINs
6|Dec 08 2015 12:57:18|302013: Built inbound TCP connection 945703561 for Public:188.49.206.189/55008 (188.49.206.189/55008) to DMZ:192.168.3.17/443 (10.10.10.17/443)
6|Dec 08 2015 12:57:18|302013: Built inbound TCP connection 945703562 for Public:176.16.88.81/54617 (176.16.88.81/54617) to DMZ:192.168.3.17/443 (10.10.10.17/443)
6|Dec 08 2015 12:57:18|106015: Deny TCP (no connection) from 37.40.4.30/1857 to 10.10.10.17/443 flags RST ACK on interface Public
6|Dec 08 2015 12:57:18|302014: Teardown TCP connection 945703500 for Public:54.243.31.226/46367 to DMZ:192.168.3.16/80 duration 0:00:00 bytes 1307 TCP FINs
6|Dec 08 2015 12:57:18|302013: Built inbound TCP connection 945703564 for Public:188.135.42.99/45658 (188.135.42.99/45658) to DMZ:192.168.3.17/443 (10.10.10.17/443)
6|Dec 08 2015 12:57:18|106015: Deny TCP (no connection) from 82.178.195.102/52868 to 10.10.10.16/443 flags FIN ACK on interface Public
6|Dec 08 2015 12:57:18|302013: Built inbound TCP connection 945703566 for Public:95.185.59.232/1188 (95.185.59.232/1188) to DMZ:192.168.3.16/443 (10.10.10.16/443)
6|Dec 08 2015 12:57:18|302013: Built outbound TCP connection 945703567 for DMZ:192.168.3.45/80 (192.168.3.45/80) to inside:192.168.5.2/38446 (192.168.5.2/38446)
5|Dec 08 2015 12:57:18|304001: 192.168.5.2 Accessed URL 192.168.3.45:http://192.168.3.45/api/external
6|Dec 08 2015 12:57:18|302013: Built inbound TCP connection 945703568 for Public:77.218.231.130/1292 (77.218.231.130/1292) to DMZ:192.168.3.17/443 (10.10.10.17/443)
6|Dec 08 2015 12:57:18|302014: Teardown TCP connection 945687578 for Public:5.110.96.146/52305 to DMZ:192.168.3.16/443 duration 0:01:48 bytes 9623 TCP Reset-O
6|Dec 08 2015 12:57:18|302016: Teardown UDP connection 945703545 for Public:8.8.8.8/53 to DMZ:192.168.3.17/53240 duration 0:00:00 bytes 279
6|Dec 08 2015 12:57:18|302014: Teardown TCP connection 945681108 for Public:93.169.206.200/1043 to DMZ:192.168.3.17/443 duration 0:02:31 bytes 8845 TCP Reset-O
6|Dec 08 2015 12:57:18|302013: Built outbound TCP connection 945703569 for Public:54.239.38.163/443 (54.239.38.163/443) to DMZ:192.168.3.17/49393 (10.10.10.17/49393)
6|Dec 08 2015 12:57:18|302013: Built inbound TCP connection 945703570 for Public:77.31.28.115/55589 (77.31.28.115/55589) to DMZ:192.168.3.17/443 (10.10.10.17/443)
6|Dec 08 2015 12:57:18|106015: Deny TCP (no connection) from 93.169.206.200/1043 to 10.10.10.17/443 flags RST on interface Public
6|Dec 08 2015 12:57:18|106015: Deny TCP (no connection) from 93.169.206.200/1043 to 10.10.10.17/443 flags RST on interface Public
6|Dec 08 2015 12:57:18|302013: Built outbound TCP connection 945703573 for DMZ:192.168.3.45/80 (192.168.3.45/80) to inside:192.168.5.2/52333 (192.168.5.2/52333)
6|Dec 08 2015 12:57:18|302021: Teardown ICMP connection for faddr 128.234.71.151/0 gaddr 10.10.10.17/0 laddr 192.168.3.17/0

what i need to do to see the

mudasir05 — Tue, 08 Dec 2015 10:13:23 GMT

what i need to do to see the logs under "sh logging"?

Hi there,

Seb Rupik — Tue, 08 Dec 2015 10:38:35 GMT

Hi there,

The 'sh logging' command shows us the state of the ASA logging configuration.

'sh logging asdm' shows us the the contents of the asdm log buffer since last clear/ reboot.

What more of the logs do you need to see?

Perhaps you want to look at configuring a syslog server which will make trawling though the logs easier, or better still a SIEM create correlation rules?

topic what i need to do to see the in Network Security

ASA Logging

Hi there,

Hi Mudasir,

Hi Seb,

what i need to do to see the

Hi there,