Beginner

Change Access List logging globally

It seems we don't have the "LOG" entry on any of our access lists. Is there a way to globally turn this on so it logs all access lists to the syslog server or do I have to enter this one by one on the ASA command line or ASDM?

6 REPLIES 6
Enthusiast

Re: Change Access List logging globally

Hi,

Try enabling logging message 106100 and see whether you are getting the ACL hit logs in the syslog server.

HTH
Abheesh

Beginner

Re: Change Access List logging globally

I'm not exactly sure how to do this. I tried logging message 106100 but it didn't work. I don't see any clear instructions on how to get permits to log if the default ACL logging is being used WITHOUT the log entry at the end. There are articles but nothing pointing me in the right direction yet.


Hall of Fame Master

Re: Change Access List logging globally

106100 is a level 6 (informational) message, so you would need your global logging also set to level 6 (or 7) for it to start appearing.

Beginner

Re: Change Access List logging globally

No, you get an error message when doing this.

INFO: Please use the access-list command to change the severity level of this syslog
I've tried everything I think.


Hall of Fame Master

Re: Change Access List logging globally

I'm not suggesting to change the severity of the message but rather your GLOBAL setting.

Can you share the output of "show run logging"?

Beginner

Re: Change Access List logging globally

My global sending to syslog servers is 6...info.
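
As an added example (not code from any poster in this thread): a Python audit of saved `show running-config` text against the two conditions the thread turns on. It assumes 106100 is emitted only by ACEs that carry the `log` keyword (a bare `log` meaning level 6) and reaches the syslog server only when that level is within `logging trap`. The sample config, ACL names and addresses are constructed, and the function names are hypothetical.

```python
# Severity names accepted by "logging trap" and by the ACE "log" option.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Constructed sample config; ACL names and addresses are placeholders.
SAMPLE = """\
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.5 eq 443
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.6 eq 22 log
access-list OUTSIDE_IN extended deny ip any any log debugging interval 300
access-list INSIDE_OUT extended permit ip any any log disable
logging enable
logging trap informational
logging host inside 192.0.2.10
"""

def severity(token):
    """Map a severity name or a digit 0-7 to its number, else None."""
    return int(token) if token in list("01234567") else LEVELS.get(token)

def ace_level(tokens):
    """Severity at which an ACE emits 106100, or None if it never does."""
    if "log" not in tokens:
        return None                       # no log keyword on this ACE
    opts = tokens[tokens.index("log") + 1:]
    if opts[:1] in (["disable"], ["default"]):
        return None                       # logging off, or default behaviour
    explicit = severity(opts[0]) if opts else None
    return 6 if explicit is None else explicit   # bare "log" means level 6

def audit(config):
    """Sort extended ACEs by whether their 106100 passes the trap level."""
    r = {"enabled": False, "trap": None, "hosts": [],
         "silent": [], "filtered": [], "delivered": []}
    aces = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["logging", "enable"]:
            r["enabled"] = True
        elif t[:2] == ["logging", "trap"] and len(t) > 2:
            r["trap"] = severity(t[2])
        elif t[:2] == ["logging", "host"] and len(t) > 3:
            r["hosts"].append(t[3])       # token 2 is the interface name
        elif t[:1] == ["access-list"] and t[2:3] == ["extended"]:
            aces.append((line, ace_level(t[3:])))
    for line, lvl in aces:                # classify once the trap level is known
        bucket = ("silent" if lvl is None else
                  "filtered" if r["trap"] is None or lvl > r["trap"] else "delivered")
        r[bucket].append(line)
    return r
```

ACEs under `silent` match the situation in the original question: the global level is already 6, but those entries carry no `log` keyword. `delivered` still depends on `enabled` being true and `hosts` being non-empty.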