topic Logging an ACL ACE in Network Security

Logging an ACL ACE

c.fuller — Mon, 11 Mar 2019 21:33:01 GMT

Hello -

I am trying to determine what traffic is going through the firewall using an "access-list outside-in extended ip permit any any" ACE. I want to view these logs using the "show log" command on the ASA itself. I do not have a syslog server setup to view at this point. I am a little confused what the exact commands should be to get this working. Just throwing the "log" command at the end doesn't display the logs. If someone can show the exact syntax on how I need to configure the ACE and what syslog commands I need to have it show up on the "sh log" buffer I would appreciate it.

Regards

Chuck

Logging an ACL ACE

c.fuller — Sun, 02 Oct 2011 01:41:56 GMT

Figured this out folks. I set the ACS to "log 6 interval 300". Then "logging buffered 6". Then I was able to see the permitted flows using "sh log | inc permitted". All the TCP traffic build/teardown messages are in the log too. Is there anyway to filter those out so only the "permitted/denied" msgs for the chosen ACE are displayed?

Chuck

Logging an ACL ACE

varrao — Sun, 02 Oct 2011 04:23:10 GMT

Hi,

I would say use "log 6 interval 1" and then go to ASDM, right click on the permit access-rule, select "show logg" and you can see all the traffic hitting the acl in the asdm real time log viewer.

Hope that helps.

Thanks,

Varun

Logging an ACL ACE

Richard Burts — Sun, 02 Oct 2011 22:59:38 GMT

Chuck

I am not sure if this is what you are looking for, but the ASA gives you the ability to configure logging to not generate individual log messages by message ID. If you get the ID for the build and teardown messages then you can configure the ASA to not generate these syslog messages.

HTH

Rick