
Traffic Logs In ASA

Harmeet Singh
Level 1

Hi,

It may be a repeated or very simple question.

How can I see and store the details (live and historical) of the traffic that is passing through my ASA (IPs, ports, etc.)?

Harmeet

4 Replies

usman ali dar
Level 1

Hi Harmeet,

If you have an ASA of any model, you can use the following 2 methods to analyze the traffic that is passing through the ASA.

1- From CLI

2- From ASDM (ASA Device Manager)

3- Capture traffic (only what is required)

Before you move ahead, please note that firewalls usually don't have any storage space that can store the traffic logs passing through them, unless you have installed a flash card or USB.

1 - From CLI

From the CLI you can execute many commands; the simple ones are:

  1. show logging: will display the running traffic
  2. show nat: will update you on the translation information
  3. show xlate: will update you on the static and dynamic table
  4. show conn, and show local-host conn
  5. show proc
  6. show asp drop

And so on. The link below is the detailed command reference guide and will help you find all the possible commands you may want to execute.

2- ASDM:

From ASDM it is quite easy and very informative to use. From the ASDM manager you can follow the steps below to see the running or live traffic, or filter the traffic as you require:

Log in via ASDM.

After you log in, you will see that the logs are running at the bottom of ASDM, which you can review, stop, pause or start.

Click Monitoring in the top tab; it's option number 3.

Now on your right you will see the whole ARP table learned by the firewall.

On the left pane, click Logging.

After you click Logging, the right pane will change and you will have the option to view.

Click the View button.

When you click the View button, a new window will open and you will see all the logs that are currently being passed from the firewall.

You can use a filter to search for any specific information.

You can create a filter to search.

If you don't have a logging server, you will require one to send your logs to for proper storage, and configure your security device at a certain level.

I hope this information will help you.

Cisco ASA 5500 Series Command Reference, 8.2 - same-security-traffic -- show asdm sessions [Cisco ASA 5500-X Series Fire…

Kuat Bakenov
Level 1

1. Network interface utilization - use SNMP.

2. utilize "l3"  - use netflow.

graph+history....

Samer R. Saleem
Level 4

Hi

If you mean the logs, then you can use a syslog server and configure remote syslog on the firewall; for example, use Kiwi Syslog Server.

If you mean a bandwidth monitor, then maybe a good NMS like PRTG would be good. I have tried open source like Cacti and it's bad because it's hard to find templates for the ASA.

Also, you have packet capture, which you can start, then store, and then open using Wireshark.

Also, you have NetFlow.

But what I think would have less impact on the firewall is a remote syslog server with trap informational enabled.

And you can buy something like ManageEngine log analyzer to read your logs....
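Added example, not part of the original replies: with informational-level syslog sent to a remote server as suggested above, the ASA connection messages 302013 to 302016 carry the IPs and ports the question asks about, and the Python code below extracts them and totals bytes per flow. The sample lines, their timestamp/hostname prefix, and the names `parse_conn` and `bytes_by_flow` are assumptions of this example.

```python
import re
from collections import Counter

# Severity-6 connection messages: 302013/302015 = Built TCP/UDP,
# 302014/302016 = Teardown TCP/UDP. Endpoints are kept in the order the
# message lists them; the first one is not necessarily the initiator.
CONN_RE = re.compile(
    r"%ASA-6-(?P<msgid>30201[3-6]): (?P<event>Built|Teardown) "
    r"(?:(?P<direction>inbound|outbound) )?(?P<proto>TCP|UDP) "
    r"connection (?P<conn_id>\d+) for "
    r"(?P<if1>[^:\s]+):(?P<ip1>[^/\s]+)/(?P<port1>\d+)(?: \([^)]*\))* to "
    r"(?P<if2>[^:\s]+):(?P<ip2>[^/\s]+)/(?P<port2>\d+)(?: \([^)]*\))*"
    r"(?: duration (?P<duration>\d+:\d\d:\d\d) bytes (?P<bytes>\d+))?"
)

# Constructed sample lines (documentation addresses, made-up header).
SAMPLE = [
    "Mar 01 2024 10:00:01 asa1 : %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.0.2.10/51514 (203.0.113.1/51514)",
    "Mar 01 2024 10:00:06 asa1 : %ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/443 to inside:192.0.2.10/51514 duration 0:00:05 bytes 4820 TCP FINs",
    "Mar 01 2024 10:00:07 asa1 : %ASA-6-302015: Built inbound UDP connection 1002 for outside:198.51.100.9/53000 (198.51.100.9/53000) to dmz:192.0.2.53/53 (203.0.113.53/53)",
    "Mar 01 2024 10:00:09 asa1 : %ASA-6-302016: Teardown UDP connection 1002 for outside:198.51.100.9/53000 to dmz:192.0.2.53/53 duration 0:00:02 bytes 212",
    "Mar 01 2024 10:00:10 asa1 : %ASA-5-111008: User 'admin' executed the 'show logging' command.",
]

def parse_conn(line):
    """Return a dict for a connection build/teardown line, else None."""
    m = CONN_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("conn_id", "port1", "port2", "bytes"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec

def bytes_by_flow(lines):
    """Sum Teardown byte counts per (proto, endpoint1, endpoint2)."""
    totals = Counter()
    for line in lines:
        rec = parse_conn(line)
        if rec and rec["event"] == "Teardown" and rec["bytes"] is not None:
            key = (rec["proto"], f'{rec["ip1"]}:{rec["port1"]}',
                   f'{rec["ip2"]}:{rec["port2"]}')
            totals[key] += rec["bytes"]
    return totals

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(parse_conn(sample_line))
    print(bytes_by_flow(SAMPLE))
```
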

#Mat
Level 6

Hi Harmeet Singh, with these commands you will be able to see all events on your ASA from the CLI.

configure terminal

logging buffer-size 500000    [select your size]

logging buffered debugging    [select your level]

logging enable

Then you will be able to view them with show logging. You can use | grep for filtering.

Here are two useful links for syslog:

ASA Syslog Configuration Example - Cisco

https://supportforums.cisco.com/document/73511/how-enable-syslogs-asa

Regards.-
