https://community.cisco.com/t5/network-security/debug-log-for-security-rule/m-p/963760#M939225 <HTML><HEAD></HEAD><BODY><P>Diego</P><P></P><P>Yes, you need to enable logging on the firewall (assuming it's a firewall). Packets being denied are logged at severity level 3 - see attached link.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1159278" target="_blank">http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1159278</A></P><P></P><P>You can either view the logs in the firewall buffer or better yet configure the firewall to send the logs to a syslog server if you have one.</P><P></P><P>Jon</P></BODY></HTML> Tue, 15 Apr 2008 20:19:16 GMT Jon Marshall 2008-04-15T20:19:16Z https://community.cisco.com/t5/network-security/debug-log-for-security-rule/m-p/963759#M939224 <P>I have a security rule that prevents outbound SMTP connections from LAN IPs. This rule was inserted because it seems we have some infected PCs that are trying to send mail. Is there a way I can see what IPs are being denied the outbound SMTP so I can find and clean-up the PCs?</P><P></P><P>Rgds,</P><P>Diego</P> Mon, 11 Mar 2019 12:31:52 GMT https://community.cisco.com/t5/network-security/debug-log-for-security-rule/m-p/963759#M939224 tato386 2019-03-11T12:31:52Z https://community.cisco.com/t5/network-security/debug-log-for-security-rule/m-p/963760#M939225 <HTML><HEAD></HEAD><BODY><P>Diego</P><P></P><P>Yes, you need to enable logging on the firewall (assuming it's a firewall). Packets being denied are logged at severity level 3 - see attached link.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1159278" target="_blank">http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1159278</A></P><P></P><P>You can either view the logs in the firewall buffer or better yet configure the firewall to send the logs to a syslog server if you have one.</P><P></P><P>Jon</P></BODY></HTML> Tue, 15 Apr 2008 20:19:16 GMT https://community.cisco.com/t5/network-security/debug-log-for-security-rule/m-p/963760#M939225 Jon Marshall 2008-04-15T20:19:16Z https://community.cisco.com/t5/network-security/debug-log-for-security-rule/m-p/963761#M939226 <HTML><HEAD></HEAD><BODY><P>If I use syslog is there a way of sending just the denies of the one rule to the syslog server? If not, and the ASA sends all data to the syslog I would think that sorting thru the logs for only the denies of this one particular rule would be quite a mission.</P><P></P><P>Thanks,</P><P>Diego</P><P></P></BODY></HTML> Tue, 15 Apr 2008 20:33:22 GMT https://community.cisco.com/t5/network-security/debug-log-for-security-rule/m-p/963761#M939226 tato386 2008-04-15T20:33:22Z