topic ASA5510 ASDM show hits but no logs? in Network Security

ASA5510 ASDM show hits but no logs?

jhonny.eriksson — Tue, 12 Mar 2019 02:00:52 GMT

Hello,

I am trying to apply debug level logging to a rule set on my ASA 5510 (8.0(4)). I see in ASDM that the traffic hits the rule but when I open the real time log and filter on the rule ID (right-click -> show log; on the rule) I get nothing.

This is the output of my show log command;

Syslog logging: enabled
    Facility: 20
    Timestamp logging: disabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level debugging, facility 20, 3219546753 messages logged
        Logging to management 10.126.6.4
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 2889493030 messages logged

Am I missing anything?'

Thanks, Best Regards

ASA5510 ASDM show hits but no logs?

Jouni Forss — Thu, 20 Jun 2013 08:27:18 GMT

Hi,

Atleast the output above shows that the ASDM logging level is Informational which wont show Debugging messages.

- Jouni

ASA5510 ASDM show hits but no logs?

Jouni Forss — Thu, 20 Jun 2013 08:33:40 GMT

Also,

If you are trying to get logs from an ACL rule that permits traffic then you could go to the ACL rule on the ASDM and edit the rule and enable logging for it and change the level to Informational for example and then try again viewing the log.

- Jouni

ASA5510 ASDM show hits but no logs?

jhonny.eriksson — Thu, 20 Jun 2013 08:37:49 GMT

Hi,

Thanks. Get it. I tried to apply logging level informational to the rule as well as I assumed it might have something to do with it but I still got nothing. It's a pair of hosts to another pair of hosts rule set for a specific TCP port only. Could that traffic logging be regarded as Informational? Or do I need to set ASDM logging level to debugging as well as the rule in order to see the traffic?

Re: ASA5510 ASDM show hits but no logs?

Jouni Forss — Thu, 20 Jun 2013 08:44:17 GMT

Hi,

To my understanding by default the ASA doesnt generate logs when an connection hits a rule that permits traffic.

On the other hand when traffic hits a deny rule or implicit deny rule then a log message will be generated by default.

So to get the ASA to log messages when traffic hits a permit rule you need (to my understanding atleast) to add the keyword "log" at the end of the rule and you can also set at which logging level that message should be viewed.

If you just wanted to log TCP and UDP connection forming then that should happen by default if you have enabled Informational logging level for the target of the Syslog messages. And by target I mean where the syslog have been configured to be sent, for example ASDM, Syslog server etc.

- Jouni

ASA5510 ASDM show hits but no logs?

jhonny.eriksson — Thu, 20 Jun 2013 09:24:54 GMT

I managed to solve it. I went into CLI and reconfigured the rule instead of doing it from ASDM. That solved it... No idea why though. As I switched around config in ASDM the CLI config changed so that should have been the same thing? Anyway, thanks for helping out