07-10-2014 02:28 AM - edited 02-21-2020 05:14 AM
I am attempting to forward logs from my ASA estate to a Skybox server to monitor the usage of the ACL. I have followed all of the relevant steps as defined below but there is no sign of 106100 messages in either the sent syslog messages, ASDM log or the buffer log.
logging enable
logging buffered informational
logging trap informational
logging asdm informational
syslog 106100: default-level informational (enabled)
The ACLs have logging enabled with the below at the end of each ACL entry;
The logging rule for the syslog server does report errors\drops which I am not sure why when the other syslog servers don't register issues. The server is pingable from the firewall so it isn't a case of it being unreachable;
Show logging output;
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level informational, 124277 messages logged
Trap logging: level informational, facility 20, 124277 messages logged
Logging to INSIDE x.x.x.x
Logging to INSIDE x.x.x.x errors: 37 dropped: 252
Permit-hostdown logging: enabled
History logging: disabled
Mail logging: disabled
ASDM logging: level informational, 124277 messages logged
This is a common problem across three sets of ASA firewalls running different versions so it must be something that I am missing.
Any help would be gratefully received.
07-10-2014 03:55 AM
Hi,
use command "logging message 106100"
In this case, issue the logging message 106100 command to enable the message 106100.
HTH
Sandy
07-10-2014 04:05 AM
Thank you for the response. I had checked the show logging message all command and this is already enabled;
syslog 106100: default-level informational (enabled)
I ran the command anyway and it has made no difference and the traffic information is not visible in any of the logs.
07-10-2014 04:36 AM
Hi,
Have you enabled log on your ACL command?
If you enter the log option without any arguments, you enable system log message 106100 at the default level (6) and for the default interval (300 seconds). See the following options:
•level—A severity level between 0 and 7. The default is 6.
•interval secs—The time interval in seconds between system messages, from 1 to 600. The default is 300. This value is also used as the timeout value for deleting an inactive flow.
•disable—Disables all access list logging.
•default—Enables logging to message 106023. This setting is the same as having no log option.
HTH
Sandy
07-10-2014 05:27 AM
Below is a snapshot of one of the access-list lines, so logging is set and was added at the end of each ACL line without any further arguments;
access-list outside_cryptomap_81 line 8 extended permit ip x.x.x.x 255.255.255.0 x.x.x.x 255.255.254.0 log informational interval 300 (hitcnt=408)
07-10-2014 06:06 AM
Can you share the logging configuration of your ASA?
HTH
Sandy
07-10-2014 06:46 AM
Please see below;
logging enable
logging timestamp
logging buffer-size 64000
logging buffered informational
logging trap notifications
logging asdm informational
logging queue 8192
logging device-id hostname
logging host inside x.x.x.x
logging permit-hostdown
logging rate-limit 30 60 level 7
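A check that can be run against a configuration like the one posted above: an ASA logging destination only receives messages at or below its configured severity, so this compares the level an ACE's log option gives message 106100 with each destination's level. It is an added example, not code from any poster in the thread; the function names are hypothetical, the sample input is constructed from the lines quoted above, and it covers the severity filter only.

```python
import re

# ASA severity keywords and their numeric levels.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Constructed from the configuration and ACE quoted in the thread.
SAMPLE_CONFIG = """\
logging enable
logging buffer-size 64000
logging buffered informational
logging trap notifications
logging asdm informational
logging host inside x.x.x.x
"""
SAMPLE_ACE = ("access-list outside_cryptomap_81 line 8 extended permit ip x.x.x.x "
              "255.255.255.0 x.x.x.x 255.255.254.0 log informational interval 300")

def to_level(token):
    """Numeric severity for a keyword or digit, or None if it is neither."""
    if token.isdigit():
        return int(token)
    return SEVERITY.get(token)

def destination_levels(config):
    """Map each 'logging <destination> <level>' line to its numeric level."""
    pattern = re.compile(r"\s*logging (buffered|trap|asdm|console|monitor|history|mail) (\S+)")
    found = {}
    for line in config.splitlines():
        m = pattern.match(line)
        if m and to_level(m.group(2)) is not None:
            found[m.group(1)] = to_level(m.group(2))
    return found

def ace_log_level(ace):
    """Severity at which this ACE emits 106100, or None if it does not."""
    m = re.search(r"\slog(?=\s|$)(?:\s+(\S+))?", ace)
    if not m or m.group(1) in ("disable", "default"):
        return None
    explicit = to_level(m.group(1)) if m.group(1) else None
    return 6 if explicit is None else explicit  # bare 'log' defaults to level 6

def delivered(config, ace):
    """For each destination, would this ACE's 106100 pass the severity filter?"""
    lvl = ace_log_level(ace)
    if lvl is None:
        return {}
    return {dest: lvl <= cap for dest, cap in destination_levels(config).items()}

if __name__ == "__main__":
    print(delivered(SAMPLE_CONFIG, SAMPLE_ACE))
```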
08-24-2017 08:21 AM
11-27-2018 05:52 PM
Did you ever figure this out? I'm trying to get all of my acls to log permits using 106100 but I cannot get it to work. I guess I could redo all the acls to include "log 6" or something but I would rather not.