https://community.cisco.com/t5/network-security/filter-informational-traffic/m-p/1925520#M437624 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>So you just want to have outbound connections being logged? That message wont work neither the build local-host. I dont think there is a way to do that. You can always submit a enhacement request to a Cisco Account manager. Thinking it a little bit you can try the following workaround:</P><P></P><P> What you can do is to set an ACL with a normal permit IP any any with the log keyword at the end and place it on the Interface for example inside on the inbound direction. I will log every attempt to estalish a connection outbound the ASA, then you can set the logging level for that and send it to the syslog server. </P><P></P><P>Cheers, </P><P></P><P>Mike </P></BODY></HTML> Mon, 07 May 2012 01:57:30 GMT Maykol Rojas 2012-05-07T01:57:30Z https://community.cisco.com/t5/network-security/filter-informational-traffic/m-p/1925519#M437623 <P>Hi </P><P></P><P>I am sending the informational log,specifically the message id302013 of cisco ASA to syslog server. I am only concern about the built in message created from outside to inside direction. Is it possible through configuration so that I can only receive traffic in syslog sevrer that flow from outside to inside zone.</P> Mon, 11 Mar 2019 23:02:49 GMT https://community.cisco.com/t5/network-security/filter-informational-traffic/m-p/1925519#M437623 samarjit.das 2019-03-11T23:02:49Z https://community.cisco.com/t5/network-security/filter-informational-traffic/m-p/1925520#M437624 <HTML><HEAD></HEAD><BODY><P>Hello, </P><P></P><P>So you just want to have outbound connections being logged? That message wont work neither the build local-host. I dont think there is a way to do that. You can always submit a enhacement request to a Cisco Account manager. Thinking it a little bit you can try the following workaround:</P><P></P><P> What you can do is to set an ACL with a normal permit IP any any with the log keyword at the end and place it on the Interface for example inside on the inbound direction. I will log every attempt to estalish a connection outbound the ASA, then you can set the logging level for that and send it to the syslog server. </P><P></P><P>Cheers, </P><P></P><P>Mike </P></BODY></HTML> Mon, 07 May 2012 01:57:30 GMT https://community.cisco.com/t5/network-security/filter-informational-traffic/m-p/1925520#M437624 Maykol Rojas 2012-05-07T01:57:30Z https://community.cisco.com/t5/network-security/filter-informational-traffic/m-p/1925521#M437625 <HTML><HEAD></HEAD><BODY><P>Hi Mike</P><P></P><P>Thanks for your reply. </P><P></P><P></P><P>I tried to do so but I faced another problem. I set the log&nbsp; keyword at the end of ACL that is being applied to outside zone&nbsp; interface and configured FW to send only the message id 106100 to syslog&nbsp; server but enabling log gives some irrelevant traffic log. It catches&nbsp; the 1st response packet of traffic that is actually initiated from&nbsp; inside to outside direction which ideally should not happen caz return&nbsp; traffic goes via existing session. I have users in inside zone which&nbsp; connect to proxy server in outside zone. In case of proxy, the&nbsp; connection always bulit up by the user, not by the proxy server, but i&nbsp; get traffic log for those packets also that is replied by proxy( source&nbsp; port is known proxy port &amp; destination ip is user's machine IP&nbsp; address and port is always unknown destination port). To make sure&nbsp; whether this packet initiated by the proxy server, I started capture log&nbsp; for both message ids 106100 &amp; 302013 and found none of the build in&nbsp; message is generated after getting log for permitted message(getting&nbsp; generated by106100).So in case build in message is not getting generating, it is not proxy initiated traffic. I don;t know what is going on. </P><P></P><P>Please help.</P></BODY></HTML> Mon, 07 May 2012 05:34:40 GMT https://community.cisco.com/t5/network-security/filter-informational-traffic/m-p/1925521#M437625 samarjit.das 2012-05-07T05:34:40Z