https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131247#M915142 <HTML><HEAD></HEAD><BODY><P>As far as I know, you cannot filter syslogs based on particular IPS.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Wed, 06 Aug 2008 13:40:18 GMT Farrukh Haroon 2008-08-06T13:40:18Z https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131243#M915125 <P>Hello,</P><P></P><P>My Firewall is an ASA 5550 running software 8.0(3).</P><P>I have many times the following message in my logs:</P><P></P><P>"%asa-2-106006: deny inbound udp from 192.168.1.x/138 to 192.168.1.255/138 on interface outside".</P><P></P><P>The range 192.168.1.128/25 is the pool for my IPSec remote access users.</P><P></P><P>I don't want to use the "sysopt connection permit-vpn". So I have some specific rules on my outside interface for VPN access.</P><P>I've put 2 rules for disabling logging on Netbios protocol.</P><P></P><P>"access-list outside_access_in extended deny udp 192.168.1.128 255.255.255.128 host 192.168.1.255 object-group NBT-UDP log disable"</P><P>"access-list outside_access_in extended deny udp 192.168.1.128 255.255.255.128 any object-group NBT-UDP log disable"</P><P></P><P>Object-Group NBT-UDP is defined as below:</P><P>object-group service NBT-UDP udp</P><P> port-object eq 135</P><P> port-object eq 136</P><P> port-object eq 137</P><P> port-object eq 138</P><P> port-object eq 139</P><P></P><P>Is there any errors in my config ?</P><P>How could I do to remove "noise" provided by NetBios traffic from my IPSec remote users ?</P><P></P><P>Thanks</P><P>Christian</P><P></P> Mon, 11 Mar 2019 13:26:54 GMT https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131243#M915125 christian.belkreir 2019-03-11T13:26:54Z https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131244#M915127 <HTML><HEAD></HEAD><BODY><P>Not all messages are generated due to the 'log' message on the ACL on the ASA/PIX.</P><P>As per the command referenace:</P><P></P><P>" If you enter the log keyword without any arguments, you enable system log message 106100 at the default level (6) and for the default interval (300 seconds). If you do not enter the log keyword, then the default system log message 106023 is generated. "</P><P></P><P>You can disable this message by:</P><P></P><P>no logging message 106006</P><P></P><P>But this will disable this message for all flows. You could also push this message to level 7 and log to level 6.</P><P></P><P>Regards</P><P></P><P>Farrukh</P><P></P><P></P></BODY></HTML> Wed, 06 Aug 2008 13:28:03 GMT https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131244#M915127 Farrukh Haroon 2008-08-06T13:28:03Z https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131245#M915130 <HTML><HEAD></HEAD><BODY><P>Thanks for your answer Farrukh.</P><P></P><P>But I don't want to disable syslog message 106006.</P><P>I only want to disable logging for netbios traffic on broadcast address.</P><P></P><P>Is it possible or not ?</P><P></P><P>Many thanks</P><P>Regards,</P><P>Christian</P></BODY></HTML> Wed, 06 Aug 2008 13:36:21 GMT https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131245#M915130 christian.belkreir 2008-08-06T13:36:21Z https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131246#M915138 <HTML><HEAD></HEAD><BODY><P>As far as I know, you cannot filter syslogs based on particular IPS.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Wed, 06 Aug 2008 13:40:16 GMT https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131246#M915138 Farrukh Haroon 2008-08-06T13:40:16Z https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131247#M915142 <HTML><HEAD></HEAD><BODY><P>As far as I know, you cannot filter syslogs based on particular IPS.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Wed, 06 Aug 2008 13:40:18 GMT https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131247#M915142 Farrukh Haroon 2008-08-06T13:40:18Z https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131248#M915143 <HTML><HEAD></HEAD><BODY><P>I agree with you regarding the "logging filter" command.</P><P></P><P>If I well understand your answer, in my case, the log didn't come from the ACL engine.</P><P>So putting rules with option "log disable", as I've done, will not solve my issue ?</P><P></P><P>Regards,</P><P>Christian</P></BODY></HTML> Wed, 06 Aug 2008 13:47:31 GMT https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131248#M915143 christian.belkreir 2008-08-06T13:47:31Z https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131249#M915144 <HTML><HEAD></HEAD><BODY><P>Yup it did not come from the ACL engine, that seems obvious and this is a pretty old behavior of the finesse code. It runs two sets of logging functions. Even if you don't have ANY acl on a interface, all connection messages are 'logged' on the firewall.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Wed, 06 Aug 2008 13:55:19 GMT https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131249#M915144 Farrukh Haroon 2008-08-06T13:55:19Z https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131250#M915148 <HTML><HEAD></HEAD><BODY><P>OK.</P><P>Thanks for your help and your explaination.</P><P></P><P>Regards,</P><P>Christian</P></BODY></HTML> Wed, 06 Aug 2008 14:03:59 GMT https://community.cisco.com/t5/network-security/asa5550-logging-disable-issue/m-p/1131250#M915148 christian.belkreir 2008-08-06T14:03:59Z