06-20-2013 01:25 AM - edited 03-11-2019 07:00 PM
Hello,
I am trying to apply debug level logging to a rule set on my ASA 5510 (8.0(4)). I see in ASDM that the traffic hits the rule, but when I open the real-time log and filter on the rule ID (right-click on the rule -> Show Log) I get nothing.
This is the output of my show log command:
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: disabled
Trap logging: level debugging, facility 20, 3219546753 messages logged
Logging to management 10.126.6.4
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 2889493030 messages logged
Am I missing anything?
Thanks, Best Regards
06-20-2013 01:44 AM
Hi,
To my understanding, by default the ASA doesn't generate logs when a connection hits a rule that permits traffic.
On the other hand, when traffic hits a deny rule or the implicit deny rule, a log message is generated by default.
So to get the ASA to log messages when traffic hits a permit rule you need (to my understanding at least) to add the keyword "log" at the end of the rule, and you can also set the logging level at which that message should be viewed.
If you just wanted to log TCP and UDP connections forming, that should happen by default if you have enabled the Informational logging level for the target of the syslog messages. By target I mean where the syslogs have been configured to be sent, for example ASDM, a syslog server, etc.
- Jouni
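An added configuration example (not from the original thread) of what the reply above describes, written for ASA 8.x CLI. The management interface and the 10.126.6.4 syslog host come from the show logging output in the question; the ACL name INSIDE_IN, the interface "inside", the host addresses and the TCP port are placeholders and are assumptions.

```text
! Symptom as posted: the ASDM destination is at informational (6) but the rule
! logs at debugging (7), so rule hits never reach the ASDM real-time log.
! (Assumed rule; ACL name, hosts and port are placeholders.)
access-list INSIDE_IN extended permit tcp host 10.1.1.10 host 10.2.2.20 eq 1433 log debugging interval 300

! Corrected: log the permit at informational (6) so every destination set to
! informational or higher sees %ASA-6-106100 for each hit (first packet, then
! once per interval). Removing and re-adding an ACE appends it at the bottom,
! so "line 1" keeps it in its original position.
no access-list INSIDE_IN extended permit tcp host 10.1.1.10 host 10.2.2.20 eq 1433 log debugging interval 300
access-list INSIDE_IN line 1 extended permit tcp host 10.1.1.10 host 10.2.2.20 eq 1433 log informational interval 300
! An explicit deny with "log" also produces 106100; without "log" a deny is
! reported as %ASA-4-106023 at warnings (4) by default.
access-list INSIDE_IN extended deny ip any any log warnings
access-group INSIDE_IN in interface inside

! Destinations: keep the existing syslog host and ASDM level, and also enable
! the buffer so "show logging" on the CLI shows messages without ASDM.
logging enable
logging timestamp
logging buffered informational
logging asdm informational
logging trap informational
logging host management 10.126.6.4

! Verify: the ACE should show a hit count, and the buffer should contain
! 106100 for the permit rule plus 302013/302014 for each TCP connection
! built/torn down (both level 6, so they appear at informational).
show access-list INSIDE_IN
show logging | include 106100
```

The levels are the whole point: a destination only receives messages at its own severity or more urgent, so a rule logging at debugging (7) is invisible to an ASDM or trap destination set to informational (6). Either raise the destination to debugging or, as above, log the rule at informational.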
06-20-2013 01:27 AM
Hi,
At least the output above shows that the ASDM logging level is Informational, which won't show Debugging messages.
- Jouni
06-20-2013 01:33 AM
Also,
If you are trying to get logs from an ACL rule that permits traffic, you could go to the ACL rule in ASDM, edit the rule, enable logging for it and change the level to Informational, for example, and then try viewing the log again.
- Jouni
06-20-2013 01:37 AM
Hi,
Thanks. Got it. I tried applying logging level informational to the rule as well, as I assumed it might have something to do with it, but I still got nothing. It's a pair of hosts to another pair of hosts rule set for a specific TCP port only. Could that traffic logging be regarded as Informational? Or do I need to set the ASDM logging level to debugging as well as the rule in order to see the traffic?
06-20-2013 02:24 AM
I managed to solve it. I went into the CLI and reconfigured the rule instead of doing it from ASDM. That solved it... No idea why, though. As I switched the config around in ASDM the CLI config changed, so that should have been the same thing? Anyway, thanks for helping out.