Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4149
Views
0
Helpful
5
Replies

ASA5510 ASDM show hits but no logs?

Go to solution
jhonny.eriksson
Level 1
Level 1

‎06-20-2013 01:25 AM - edited ‎03-11-2019 07:00 PM

Hello,

I am trying to apply debug level logging to a rule set on my ASA 5510 (8.0(4)). I see in ASDM that the traffic hits the rule but when I open the real time log and filter on the rule ID (right-click -> show log; on the rule) I get nothing.

This is the output of my show log command;

Syslog logging: enabled
    Facility: 20
    Timestamp logging: disabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level debugging, facility 20, 3219546753 messages logged
        Logging to management 10.126.6.4
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 2889493030 messages logged

Am I missing anything?'

Thanks, Best Regards

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to jhonny.eriksson

‎06-20-2013 01:44 AM

Hi,

To my understanding by default the ASA doesnt generate logs when an connection hits a rule that permits traffic.

On the other hand when traffic hits a deny rule or implicit deny rule then a log message will be generated by default.

So to get the ASA to log messages when traffic hits a permit rule you need (to my understanding atleast) to add the keyword "log" at the end of the rule and you can also set at which logging level that message should be viewed.

If you just wanted to log TCP and UDP connection forming then that should happen by default if you have enabled Informational logging level for the target of the Syslog messages. And by target I mean where the syslog have been configured to be sent, for example ASDM, Syslog server etc.

- Jouni

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎06-20-2013 01:27 AM

Hi,

Atleast the output above shows that the ASDM logging level is Informational which wont show Debugging messages.

- Jouni

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to Jouni Forss

‎06-20-2013 01:33 AM

Also,

If you are trying to get logs from an ACL rule that permits traffic then you could go to the ACL rule on the ASDM and edit the rule and enable logging for it and change the level to Informational for example and then try again viewing the log.

- Jouni

0 Helpful

Go to solution
jhonny.eriksson
Level 1
Level 1
In response to Jouni Forss

‎06-20-2013 01:37 AM

Hi,

Thanks. Get it. I tried to apply logging level informational to the rule as well as I assumed it might have something to do with it but I still got nothing. It's a pair of hosts to another pair of hosts rule set for a specific TCP port only. Could that traffic logging be regarded as Informational? Or do I need to set ASDM logging level to debugging as well as the rule in order to see the traffic?

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to jhonny.eriksson

‎06-20-2013 01:44 AM

Hi,

To my understanding by default the ASA doesnt generate logs when an connection hits a rule that permits traffic.

On the other hand when traffic hits a deny rule or implicit deny rule then a log message will be generated by default.

So to get the ASA to log messages when traffic hits a permit rule you need (to my understanding atleast) to add the keyword "log" at the end of the rule and you can also set at which logging level that message should be viewed.

If you just wanted to log TCP and UDP connection forming then that should happen by default if you have enabled Informational logging level for the target of the Syslog messages. And by target I mean where the syslog have been configured to be sent, for example ASDM, Syslog server etc.

- Jouni

0 Helpful

Go to solution
jhonny.eriksson
Level 1
Level 1
In response to Jouni Forss

‎06-20-2013 02:24 AM

I managed to solve it. I went into CLI and reconfigured the rule instead of doing it from ASDM. That solved it... No idea why though. As I switched around config in ASDM the CLI config changed so that should have been the same thing? Anyway, thanks for helping out

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card