12-12-2006 03:51 AM - edited 03-11-2019 02:07 AM
Hi all,
When constructing a rule base we need to log 106100 messages to see which connections are required, but no 106100 message appears. Does anybody know the reason, or what I can do to enable logging of this message?
thanks.
12-12-2006 08:18 PM
Log 106100 normally tells you of the denied/permitted translation/access.
In PIX/ASA, enable the syslog service and set the logging level to informational (notification will do as well):
The minimum config will be as follows:
ASA(config)# logging enable --> (in PIX, use 'logging on')
ASA(config)# logging buffer informational
You may enable timestamps as well to get the correct time/date of the events, or send them to an external syslog server.
Verify this using the 'sh log' command:
HTH
AK
12-12-2006 08:26 PM
You may use an access-list (ACL) applied to the inside interface to ensure all logs/events are recorded.
Since you're still at the starting level, create an ACL permitting any/all traffic. This is good for internal access to external/internet or any lower-security-level segment.
example:
access-list inside permit tcp any any
access-list inside permit udp any any
access-group inside in interface inside --> bind to inside interface
Optionally, you can use 'ip' in place of the tcp/udp keyword and have one ACL line instead of two. But having separate TCP and UDP lines gives you a more accurate hit count on TCP and UDP traffic. There are no exact rules on this.
To check outside/internet access to your internal server(s), I am not sure if you already have an ACL permitting the incoming access, plus the static NAT for the internal server to public IP address mapping.
HTH
AK
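Once 106100 records are arriving, the next step in the original question (turning them into a rule base) is mechanical. The following is an added example, not code from the thread or from Cisco: it parses the documented %ASA-6-106100 format ("access-list ACL {permitted|denied|est-allowed} PROTO IF/SRC(PORT) -> IF/DST(PORT) hit-cnt N ..."), sums the hit counts per destination service, and prints candidate ACEs. The log lines are constructed for the example, the hash codes in brackets are ignored, only tcp/udp records are assumed, and the 'extended' keyword assumes ASA 7.x syntax (PIX 6.x omits it). Denied flows are emitted as comments rather than as permit lines so they get reviewed by a human.

```python
import re

# Constructed sample log lines (not from the thread). The prefix (timestamp,
# hostname) depends on the logging target and is skipped by the search below.
# 'first hit' vs 'N-second interval' reflects the ACE's 'log' interval.
SAMPLE_LOG = """\
Dec 12 2006 03:51:02 FW-ROM-OUT : %ASA-6-106100: access-list inside permitted tcp inside/10.129.1.25(51234) -> outside/198.51.100.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Dec 12 2006 03:56:02 FW-ROM-OUT : %ASA-6-106100: access-list inside permitted tcp inside/10.129.1.25(51240) -> outside/198.51.100.10(443) hit-cnt 12 300-second interval [0x1a2b3c4d, 0x0]
Dec 12 2006 03:56:02 FW-ROM-OUT : %ASA-6-106100: access-list inside permitted udp inside/10.129.1.30(40123) -> outside/198.51.100.53(53) hit-cnt 40 300-second interval [0x2b3c4d5e, 0x0]
Dec 12 2006 03:56:02 FW-ROM-OUT : %ASA-6-106100: access-list inside permitted udp inside/10.129.1.31(40200) -> outside/198.51.100.53(53) hit-cnt 7 300-second interval [0x2b3c4d5e, 0x0]
Dec 12 2006 03:57:10 FW-ROM-OUT : %ASA-6-302013: Built outbound TCP connection 1234 for outside:198.51.100.10/443 (198.51.100.10/443) to inside:10.129.1.25/51240 (192.0.2.1/1025)
Dec 12 2006 03:58:00 FW-ROM-OUT : %ASA-6-106100: access-list outside denied tcp outside/203.0.113.7(4422) -> inside/10.129.0.237(22) hit-cnt 1 first hit [0x3c4d5e6f, 0x0]
"""

# Field layout of the 106100 message; the trailing "[hash, hash]" is not captured.
# Assumption: only tcp/udp records (ICMP puts type/code in the parentheses).
MSG_106100 = re.compile(
    r"%(?:ASA|PIX|FWSM)-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<sif>[^/\s]+)/(?P<sip>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/\s]+)/(?P<dip>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)


def parse_106100(line):
    """Return the fields of one 106100 record, or None for any other message."""
    m = MSG_106100.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for field in ("sport", "dport", "hits"):
        rec[field] = int(rec[field])
    return rec


def summarize(log_text):
    """Aggregate hits by (acl, action, proto, src_if, dst_if, dst_ip, dst_port).

    Source ports are ephemeral and dropped; source hosts are collected so the
    rule can name them explicitly instead of falling back to 'any'.
    """
    summary = {}
    for line in log_text.splitlines():
        rec = parse_106100(line)
        if rec is None:
            continue
        key = (rec["acl"], rec["action"], rec["proto"],
               rec["sif"], rec["dif"], rec["dip"], rec["dport"])
        entry = summary.setdefault(key, {"hits": 0, "sources": set()})
        entry["hits"] += rec["hits"]
        entry["sources"].add(rec["sip"])
    return summary


def suggest_rules(summary, min_hits=1):
    """Emit candidate ACEs, busiest flow first (ASA 7.x 'extended' syntax assumed).

    Denied flows become '!' comments: they are evidence of probing or of a
    missing rule and must be reviewed, never auto-permitted.
    """
    lines = []
    for key, entry in sorted(summary.items(), key=lambda kv: -kv[1]["hits"]):
        acl, action, proto, sif, dif, dip, dport = key
        if entry["hits"] < min_hits:
            continue
        srcs = sorted(entry["sources"])
        if action == "denied":
            lines.append(f"! {acl}: {proto} {sif}->{dif}/{dip}:{dport} "
                         f"denied {entry['hits']}x from {', '.join(srcs)}")
            continue
        for src in srcs:
            lines.append(f"access-list {acl} extended permit {proto} "
                         f"host {src} host {dip} eq {dport}")
    return lines


if __name__ == "__main__":
    for rule in suggest_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

Feed it a buffer dump ('show logging') or the syslog server's file instead of SAMPLE_LOG; raise min_hits to drop one-off flows before the permit-any rule is replaced with the generated lines.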
12-12-2006 11:33 PM
As you can clearly see from the following, the necessary configuration is done. The problem is that although I enabled logging informational, no 106100 log appears in ASDM. The question is what the reason may be.
thanks.
FW-ROM-OUT# sh logg
Syslog logging: enabled
Facility: 17
Timestamp logging: disabled
Standby logging: disabled
Deny Conn when Queue Full: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: list access-list, 14914 messages logged
Trap logging: list permitler, facility 17, 176370 messages logged
Logging to inside 10.129.0.237
Logging to inside SYSLOG
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, class session sys, 90100 messages logged
12-13-2006 06:29 AM
Can you enable the log for 106100?
pix(config)#logging message 106100
This link provides some useful tips:
12-14-2006 03:29 AM
We used the same kind of logging on the FWSM before, so as far as the configuration goes, there is nothing missing. However, we had to upgrade our FWSM software to see this log, since there was a bug for it. It seems a bug exists for the ASA also, but I could not find one using the bug tool at cisco.com.
12-14-2006 08:01 PM
I couldn't find any either. Informational level should be fine, as 106100 (user-definable severity) appears by default at severity level 6.