Filter informational traffic.


I am sending the informational log, specifically message ID 302013 of the Cisco ASA, to a syslog server. I am only concerned about the built-in message created from the outside to inside direction. Is it possible through configuration so that I only receive traffic in the syslog server that flows from the outside to the inside zone?

Cisco Employee

So you just want to have outbound connections being logged? That message won't work, and neither will the build local-host. I don't think there is a way to do that. You can always submit an enhancement request to a Cisco Account manager. Thinking about it a little bit, you can try the following workaround:

What you can do is set an ACL with a normal permit IP any any with the log keyword at the end and place it on the interface, for example inside, in the inbound direction. It will log every attempt to establish a connection outbound through the ASA; then you can set the logging level for that and send it to the syslog server.




Re: Filter informational traffic.

Hi Mike

Thanks for your reply.

I tried to do so but I faced another problem. I set the log keyword at the end of the ACL that is applied to the outside zone interface and configured the FW to send only message ID 106100 to the syslog server, but enabling log gives some irrelevant traffic logs. It catches the first response packet of traffic that is actually initiated from the inside to outside direction, which ideally should not happen because return traffic goes via the existing session. I have users in the inside zone who connect to a proxy server in the outside zone. In the case of the proxy, the connection is always built by the user, not by the proxy server, but I also get traffic logs for those packets that are replied by the proxy (source port is the known proxy port & destination IP is the user's machine IP address, and port is always an unknown destination port). To make sure whether this packet was initiated by the proxy server, I started capturing logs for both message IDs 106100 & 302013 and found that none of the built-in messages is generated after getting the log for the permitted message (generated by 106100). So in case the built-in message is not being generated, it is not proxy-initiated traffic. I don't know what is going on.

Please help.
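
An added example, not part of the thread and not Cisco code: one way to get only outside-to-inside connection records is to keep sending message 302013 and filter on the syslog server by the direction keyword and interface pair. It assumes the documented 302013 layout, interface names `outside` and `inside`, and that the first endpoint of an inbound record is the initiator; the function name and sample lines are constructed.

```python
import re

# Layout assumed from the documented form of message 302013:
#   Built {inbound|outbound} TCP connection <id> for <if>:<ip>/<port> (<mapped>)
#   to <if>:<ip>/<port> (<mapped>)
# Optional parenthesised fields (mapped address, user) are skipped.
BUILT_TCP = re.compile(
    r"%ASA-6-302013: Built (?P<direction>inbound|outbound) TCP connection "
    r"(?P<conn_id>\d+) for "
    r"(?P<first_if>[^:\s]+):(?P<first_ip>[^/\s]+)/(?P<first_port>\d+) "
    r"(?:\([^)]*\)\s*)*to "
    r"(?P<second_if>[^:\s]+):(?P<second_ip>[^/\s]+)/(?P<second_port>\d+)"
)

def inbound_outside_to_inside(lines, outer="outside", inner="inside"):
    """Return parsed 302013 records for inbound connections from outer to inner."""
    kept = []
    for line in lines:
        m = BUILT_TCP.search(line)
        if not m:
            continue  # other message IDs (e.g. 106100) or unparsable lines
        # Assumption: on an inbound record the first endpoint is the initiator.
        if (m["direction"], m["first_if"], m["second_if"]) != ("inbound", outer, inner):
            continue
        kept.append(m.groupdict())
    return kept

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = [
    "Jan 10 10:00:01 asa1 %ASA-6-302013: Built inbound TCP connection 1001 for "
    "outside:203.0.113.10/51515 (203.0.113.10/51515) to "
    "inside:192.168.1.20/443 (198.51.100.5/443)",
    # User-initiated session to a proxy on the outside: direction is outbound.
    "Jan 10 10:00:02 asa1 %ASA-6-302013: Built outbound TCP connection 1002 for "
    "outside:203.0.113.80/8080 (203.0.113.80/8080) to "
    "inside:192.168.1.50/49152 (198.51.100.5/49152)",
    "Jan 10 10:00:03 asa1 %ASA-6-302013: Built inbound TCP connection 1003 for "
    "outside:203.0.113.11/40000 (203.0.113.11/40000) to "
    "dmz:172.16.0.5/25 (198.51.100.6/25)",
    "Jan 10 10:00:04 asa1 %ASA-6-106100: access-list outside_in permitted tcp "
    "outside/203.0.113.80(8080) -> inside/192.168.1.50(49152) hit-cnt 1 first hit",
]

if __name__ == "__main__":
    for rec in inbound_outside_to_inside(SAMPLE):
        print(rec["conn_id"], rec["first_ip"], "->", rec["second_ip"], rec["second_port"])
```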