https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575741#M611943 <HTML><HEAD></HEAD><BODY><P>Hi Kevin,</P><P></P><P>Take a look at the output of 'show run log' on the ASA. That should tell you the different logging destinations that are configured.</P><P></P><P>-Mike</P></BODY></HTML> Thu, 09 Sep 2010 18:54:28 GMT mirober2 2010-09-09T18:54:28Z https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575740#M611942 <P>CSC Forum</P><P></P><P>I am working on a client site today.&nbsp; The client has an ACL applied to the WAN interface of their ASA in an inbound direction, which is not uncommon.&nbsp; The last line of the ACL has an ACE that reads</P><P> "access-list WAN_access_in_1 line 45 extended permit ip any any log debugging interval 300"</P><P></P><P>What I am unclear about is where the logging occurs.&nbsp; I explained to the IT Admin on site that they may not want to have ip permit any any, and that if we figured out what that traffic that was matching that ACE was, we could just write a rule for it.&nbsp; So I wanted to examine the logs since logging is enabled on that ACE so I could see where the traffic was coming from.</P><P></P><P>I looked at the log buffer, but there is not data in the log before with respect to the ACE.&nbsp; Where would it be logging to based on the statement?&nbsp; There is not a syslog server at this client, so it has to be either the log buffer or the ASDM log I think...?</P><P></P><P>Also what does the interval 300 mean in the ACE?</P><P></P><P>Thanks</P><P>Kevin</P> Mon, 11 Mar 2019 18:38:08 GMT https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575740#M611942 Kevin Melton 2019-03-11T18:38:08Z https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575741#M611943 <HTML><HEAD></HEAD><BODY><P>Hi Kevin,</P><P></P><P>Take a look at the output of 'show run log' on the ASA. That should tell you the different logging destinations that are configured.</P><P></P><P>-Mike</P></BODY></HTML> Thu, 09 Sep 2010 18:54:28 GMT https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575741#M611943 mirober2 2010-09-09T18:54:28Z https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575742#M611944 <HTML><HEAD></HEAD><BODY><P>Yes Mike</P><P></P><P>Well I had done exactly that I I see the following:</P><P></P><P>logging enable<BR />logging timestamp<BR />logging standby<BR />logging buffer-size 16384<BR />logging buffered debugging<BR />logging trap debugging<BR />logging asdm informational<BR />logging host inside 192.168.1.146<BR />logging host inside 172.16.32.157<BR />snmp-server enable traps syslog</P><P>but this does not tell me which logging method that the ACE statement is writing to...</P><P></P><P>"<STRONG><EM>access-list WAN_access_in_1 extended permit ip any any log debugging</EM></STRONG>"</P><P></P><P>My assumption was that it should be in the log buffer, but I still need to verify this so I can extract the data that I need.&nbsp; I do not see any "permit" activity in the log buffer.&nbsp; Yet I can see hit counts on the ACE when I use ASDM.</P></BODY></HTML> Thu, 09 Sep 2010 19:08:53 GMT https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575742#M611944 Kevin Melton 2010-09-09T19:08:53Z https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575743#M611945 <HTML><HEAD></HEAD><BODY><P>Hi Kevin,</P><P></P><P>You should see the hits in the 'show log' output, and also in the syslogs saved to 192.168.1.146 and 172.16.32.157. The message you should see is %ASA-7-106100.</P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Thu, 09 Sep 2010 19:17:28 GMT https://community.cisco.com/t5/network-security/where-is-the-logging-occuring/m-p/1575743#M611945 mirober2 2010-09-09T19:17:28Z