https://community.cisco.com/t5/network-security/aip-ssm-default-behaviour/m-p/1744955#M56181 <P>folks</P><P></P><P>i've only realised that my aip-ssm only reports on traffic which is passed through the firewall acl</P><P></P><P>my requirement is that i log all attempted intrusions regardless of whether they are permitted through the firewall or not</P><P></P><P>does anyone know if i can change the default behaviour of the asa to let the module see the all traffic hitting the external interface?</P><P></P><P>thanks to anyone taking the time to reply </P> Sun, 10 Mar 2019 12:29:40 GMT mulhollandm 2019-03-10T12:29:40Z https://community.cisco.com/t5/network-security/aip-ssm-default-behaviour/m-p/1744955#M56181 <P>folks</P><P></P><P>i've only realised that my aip-ssm only reports on traffic which is passed through the firewall acl</P><P></P><P>my requirement is that i log all attempted intrusions regardless of whether they are permitted through the firewall or not</P><P></P><P>does anyone know if i can change the default behaviour of the asa to let the module see the all traffic hitting the external interface?</P><P></P><P>thanks to anyone taking the time to reply </P> Sun, 10 Mar 2019 12:29:40 GMT https://community.cisco.com/t5/network-security/aip-ssm-default-behaviour/m-p/1744955#M56181 mulhollandm 2019-03-10T12:29:40Z https://community.cisco.com/t5/network-security/aip-ssm-default-behaviour/m-p/1744956#M56182 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">i've only realised that my aip-ssm only reports on traffic which is passed through the firewall acl<P></P><P>does anyone know if i can change the default behaviour of the asa to let the module see the all traffic hitting the external interface?</P></PRE><P>The architecture is such that only traffic that is allowed through the ASA is passed to the AIP-SSM/AIP-SSC for inspection. The idea being that there is no reason to tie up more resources inspecting traffic that has already been dropped/denied.</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote">my requirement is that i log all attempted intrusions regardless of whether they are permitted through the firewall or not</PRE><P>If the ASA itself is dropping traffic, a syslog message should be generated/logged. Between the ASA logs and the sensor module logs, you should have what you need.</P></BODY></HTML> Mon, 10 Oct 2011 15:19:50 GMT https://community.cisco.com/t5/network-security/aip-ssm-default-behaviour/m-p/1744956#M56182 Dustin Ralich 2011-10-10T15:19:50Z