Solved: ASA 5510 ASDM show log on access-list empty

Ivan Tesselaar · ‎03-15-2013

I created some acess-lists, and you can assign a logging level to this access-list. Now this ACL has a lot of hits, so i want to see whats happening. Only the log I then see is completely empty. I cannot figure out how to get some info in that log.

I think there is some global logging setting i probably need to enable in order to get anything logged at all, but i cannot figure out which.

Jouni Forss · ‎03-15-2013

Hi,

I think it will probably need the ASDM logging level set to informational. Though if you have already checked logs through ASDM it should probably already be there?

Check if you have

logging asdm informational

In your configurations

- Jouni

View solution in original post

Jouni Forss · ‎03-15-2013

Hi,

I think it will probably need the ASDM logging level set to informational. Though if you have already checked logs through ASDM it should probably already be there?

Check if you have

logging asdm informational

In your configurations

- Jouni

Ivan Tesselaar · ‎03-15-2013

I have: logging asdm alerts

Probably to low?

Jouni Forss · ‎03-15-2013

Hi,

Alerts is Severity 1

Informational is Severity 6

I imagine if you changed the ACL rules level to Alerts it would start to show on the ASDM log.

Other option is to change the "logging asdm informational"

Or perhaps changing the ACL rule to "notifactions" and configuring "logging asdm notifications" if you generally want to see a low amount of logs on the ASDM. I have not had much need to change the ASDM logging level from the Informational / Debugging level.

- Jouni

Ivan Tesselaar · ‎03-15-2013

I want to see if the ACL is hit, and what hits it. The minimum for this is informational.

But I sont really like to raise the "general" level much higher, because the logging on the Home view is very busy then. But this configuration made it work. I sont really understand why cisco made it this way. This is also a big strain on the processor.

Thanks for your help!