Solved: Hi,

jet.chuk · ‎08-01-2017

We want to check what caused the server behind 5512 cannot be accessed from outside occationally.

If we can check some log like NAT traffic?

If we can set some monitoring?

Other way to do this?

Thanks in advance.

Aditya Ganjoo · ‎08-01-2017

Hi,

You can check the following things on the ASA:

show logging | in <server ip>--- Only if logging is enabled on the ASA

show conn | in <server ip>

show xlate | in <server ip>

Regards,

Aditya

Please rate helpful and mark correct answers

Aditya Ganjoo · ‎08-01-2017

Hi,

You can check the following things on the ASA:

show logging | in <server ip>--- Only if logging is enabled on the ASA

show conn | in <server ip>

show xlate | in <server ip>

Regards,

Aditya

Please rate helpful and mark correct answers

jet.chuk · ‎08-01-2017

Thanks Aditya,

How many (period) logging I can check if it is enalbed on ASA?

Will the logging be overwrite/cut if I go to check it not quickly enough?

Can I send log to a server to extend the period of logging if the answer of second question is yes?

Aditya Ganjoo · ‎08-01-2017

Hi,

Yes, you can send the syslogs to a server.

And it can be overwritten depending on the size of buffer set and the log level you set.

Use the following config:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc6

https://supportforums.cisco.com/discussion/13028651/cisco-asa-syslog-forward-all-logs-syslog-server

Regards,

Aditya

Please rate helpful and mark correct answers

ASA 5512 log function or something