https://community.cisco.com/t5/network-security/firewall-rule-debugging/m-p/2561557#M202571 <P>Thank you for your response!</P> Wed, 10 Dec 2014 19:26:52 GMT web_hosting 2014-12-10T19:26:52Z https://community.cisco.com/t5/network-security/firewall-rule-debugging/m-p/2561555#M202569 <P>Hello.&nbsp; I am new to Cisco firewall rules and I was hoping you could help me. I have done some research, but I am not 100% on a few things.</P><P>&nbsp;</P><P>Background: I have a few broad rules that are getting hit counts, but I am not expecting the hits, so I am trying to determine the traffic.&nbsp; In an ideal world, I would be able to turn on debugging/logging of just the specific rules in question to determine the traffic.&nbsp; I have some questions that revolve around this solution.</P><P>&nbsp;</P><P>Questions:</P><P>1) I need to know source and destination IP and port.&nbsp; Is that a logging level of 4 or 6 that will achieve that?</P><P>2) All of our rules have "log" appended to the end. Does that mean that the global logging level you set, applies to all rules with "log" appended?</P><P>3) I did not fully understand the content in regards to creating classes or message lists. Is there a way to set a different logging rule for a specific rule?</P><P>4) If you one cannot apply to a specific rule, is one possible solution, putting the rule in its own ACL and putting this ACL above the rest?&nbsp; If I understand correctly, you can add unique debugging/logging to a specific ACL?</P><P>&nbsp;</P><P>Thank you,</P><P>Dallas<BR />&nbsp;</P> Tue, 12 Mar 2019 05:12:10 GMT https://community.cisco.com/t5/network-security/firewall-rule-debugging/m-p/2561555#M202569 web_hosting 2019-03-12T05:12:10Z https://community.cisco.com/t5/network-security/firewall-rule-debugging/m-p/2561556#M202570 <P><EM><STRONG>1) I need to know source and destination IP and port.&nbsp; Is that a logging level of 4 or 6 that will achieve that?</STRONG></EM></P><P>Logging level 6 is what you want.</P><P><STRONG><EM>2) All of our rules have "log" appended to the end. Does that mean that the global logging level you set, applies to all rules with "log" appended?</EM></STRONG></P><P>Correct, when you set the logging level, this level applies to everything you are logging.</P><P><EM><STRONG>3) I did not fully understand the content in regards to creating classes or message lists. Is there a way to set a different logging rule for a specific rule?</STRONG></EM></P><P>Basically, the ACL class and message-lists are used for logging specified syslog messages in a different syslog level.&nbsp; For example, you can use this to log informational level messages that you specify as critical messages.</P><P><STRONG><EM>4) If you one cannot apply to a specific rule, is one possible solution, putting the rule in its own ACL and putting this ACL above the rest?&nbsp; If I understand correctly, you can add unique debugging/logging to a specific ACL?</EM></STRONG></P><P>You can not "debug" an ACL, but you can create a packet capture between two interfaces which references an ACL.&nbsp; Then you can export that capture file and analyze it in Wireshark.</P><P><A href="https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios">https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios</A></P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Wed, 10 Dec 2014 07:40:14 GMT https://community.cisco.com/t5/network-security/firewall-rule-debugging/m-p/2561556#M202570 Marius Gunnerud 2014-12-10T07:40:14Z https://community.cisco.com/t5/network-security/firewall-rule-debugging/m-p/2561557#M202571 <P>Thank you for your response!</P> Wed, 10 Dec 2014 19:26:52 GMT https://community.cisco.com/t5/network-security/firewall-rule-debugging/m-p/2561557#M202571 web_hosting 2014-12-10T19:26:52Z