https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189254#M875763 <P>Hi All,</P><P></P><P>Has anyone ever setup their ASA to log to an external server what traffic is going flowing thorough access-lists?</P><P></P><P>I dont want to have to analyse the traffic with capture as i would prefer to let the logs build up over a couple of weeks. </P><P></P><P>I want to harden rule base as IP is allowed between various networks. To achieve this succesfully I want to log the access-lists externally so I dont miss any tcp/udp ports etc</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 14:56:45 GMT darkbeatzz 2019-03-11T14:56:45Z https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189254#M875763 <P>Hi All,</P><P></P><P>Has anyone ever setup their ASA to log to an external server what traffic is going flowing thorough access-lists?</P><P></P><P>I dont want to have to analyse the traffic with capture as i would prefer to let the logs build up over a couple of weeks. </P><P></P><P>I want to harden rule base as IP is allowed between various networks. To achieve this succesfully I want to log the access-lists externally so I dont miss any tcp/udp ports etc</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 14:56:45 GMT https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189254#M875763 darkbeatzz 2019-03-11T14:56:45Z https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189255#M875764 <HTML><HEAD></HEAD><BODY><P>do these steps</P><P></P><P>1) logging on</P><P>2) logging list test message 106100</P><P>3) logging trap test</P><P>4) logging host &lt;<INTERFACE>&gt; x.x.x.x</INTERFACE></P><P></P><P>106100 - gives you ports and protocols for the permitted traffic , I have tried this config by having an " access-list inside permit ip any any log " to analyze what kind of traffic is traversing the firewall.</P><P></P><P>you can find the complete list of syslog message numbers here </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/syslog.html" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/syslog.html</A></P><P></P><P>HTH</P><P></P><P>Vikram</P></BODY></HTML> Wed, 25 Feb 2009 12:37:51 GMT https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189255#M875764 vikram_anumukonda 2009-02-25T12:37:51Z https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189256#M875765 <HTML><HEAD></HEAD><BODY><P>Thanks Vikram.</P><P></P><P>Does test in this command refer to an access-list called test?</P></BODY></HTML> Wed, 25 Feb 2009 12:54:21 GMT https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189256#M875765 darkbeatzz 2009-02-25T12:54:21Z https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189257#M875766 <HTML><HEAD></HEAD><BODY><P>let me be more clear.</P><P></P><P>Does the logging analyse all access-lists on the firewall or can I specifically monitor each acl</P><P></P><P>thanks</P></BODY></HTML> Wed, 25 Feb 2009 14:34:03 GMT https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189257#M875766 darkbeatzz 2009-02-25T14:34:03Z https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189258#M875767 <HTML><HEAD></HEAD><BODY><P>the "test" is like a filter for what messages one wants to see on the syslog server.</P><P></P><P>the below link should help you understand better</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924</A></P><P></P><P>darkbeatz,</P><P></P><P>you can add the keyword "log" to any number of ACE's in your ACL and analyze it on the syslog.</P><P></P><P></P><P>HTH</P><P>Vikram</P></BODY></HTML> Thu, 26 Feb 2009 05:08:10 GMT https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189258#M875767 vikram_anumukonda 2009-02-26T05:08:10Z https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189259#M875768 <HTML><HEAD></HEAD><BODY><P>Superb thank you.</P></BODY></HTML> Thu, 26 Feb 2009 09:36:23 GMT https://community.cisco.com/t5/network-security/log-access-list-external-syslog/m-p/1189259#M875768 darkbeatzz 2009-02-26T09:36:23Z