ASA 7.2 106100 logging

skarahasan
Level 1

Hi all,

When constructing a rule base, we need to log 106100 messages to see which connections are required, but no 106100 message appears. Does anybody know the reason, or what I can do to enable logging of this message?

thanks.

6 Replies

a.kiprawih
Level 7

Log 106100 normally tells you of the denied/permitted translation/access.

In PIX/ASA, enable the syslog service and set the logging level to informational (notification will do as well):

Minimum config will be as follows:

ASA(config)# logging enable --> (in PIX, use 'logging on')

ASA(config)# logging buffer informational

You may enable timestamps as well to get the correct time/date of the events, or send them to an external syslog server.

Verify this using 'sh log' command:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008063b3ff.html#wp1064559

HTH

AK

You may use access-list (ACL) and apply to Inside interface to ensure all logs/events are recorded.

Since you're still at the starting level, create an ACL permitting any/all traffic. This is good for internal access to external/internet or any lower security level segment.

example:

access-list inside permit tcp any any

access-list inside permit udp any any

access-group inside in interface inside --> bind to inside interface

Optionally, you can use 'ip' to replace the tcp/udp keyword and have 1 ACL line instead of 2. But having separate TCP & UDP lines gives you a more accurate hitcount on TCP & UDP traffic. There are no exact rules on this.

To check outside/internet access to your internal server(s), I am not sure if you already have an ACL permitting the incoming access, plus the static NAT for the internal server-to-public IP address mapping.

HTH

AK
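As an added example (not code from any poster in this thread), a small Python script that parses 106100 lines from a buffer or syslog capture and totals hits per flow, which is the information the original question is after when building a rule base; the log lines are constructed, and note that 106100 is only generated for ACEs configured with the `log` keyword.

```python
import re
from collections import Counter

# Syslog ID 106100 (one per ACE with the "log" keyword), format as documented by Cisco:
#   %ASA-6-106100: access-list <acl> permitted|denied|est-allowed <proto>
#       <in-if>/<src>(<sport>) -> <out-if>/<dst>(<dport>) hit-cnt <n> ...
MSG_106100 = re.compile(
    r"%(?:ASA|PIX|FWSM)-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/ ]+)/(?P<src>[^(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/ ]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

def parse_106100(line):
    """Return the fields of one 106100 message, or None for any other message ID."""
    m = MSG_106100.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "hits"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Total hit counts per (action, proto, src, dst, dport) flow."""
    flows = Counter()
    for line in lines:
        rec = parse_106100(line)
        if rec is None:
            continue  # e.g. 302013 connection build/teardown messages are skipped
        flows[(rec["action"], rec["proto"], rec["src"], rec["dst"], rec["dport"])] += rec["hits"]
    return flows

def candidate_rules(flows):
    """Turn permitted flows into host-specific ACE lines, busiest first (ACL name assumed)."""
    rules = []
    for (action, proto, src, dst, dport), hits in flows.most_common():
        if action != "permitted":
            continue
        rules.append(f"access-list inside extended permit {proto} host {src} host {dst} eq {dport}  ! {hits} hits")
    return rules

# Constructed sample lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = [
    "%ASA-6-106100: access-list inside permitted tcp inside/10.0.0.5(40211) -> outside/192.0.2.10(443) hit-cnt 1 first hit [0x1c2d3e4f, 0x0]",
    "%ASA-6-106100: access-list inside permitted tcp inside/10.0.0.5(40212) -> outside/192.0.2.10(443) hit-cnt 4 300-second interval [0x1c2d3e4f, 0x0]",
    "%ASA-6-106100: access-list inside permitted udp inside/10.0.0.7(51000) -> outside/192.0.2.53(53) hit-cnt 1 first hit [0x5a6b7c8d, 0x0]",
    "%ASA-6-106100: access-list outside denied tcp outside/198.51.100.9(3333) -> inside/10.0.0.8(23) hit-cnt 2 300-second interval [0x9e0f1a2b, 0x0]",
    "%ASA-6-302013: Built outbound TCP connection 12 for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.0.0.5/40211 (203.0.113.2/40211)",
]
```

Running `candidate_rules(summarize(SAMPLE_LOG))` over a real capture gives a starting list of host-specific permits to replace the temporary permit-any lines.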

As you can clearly see from the following, the necessary configuration is done. The problem is that although I enable logging informational, no 106100 log appears in ASDM. The question is what the reason may be.

thanks.

FW-ROM-OUT# sh logg

Syslog logging: enabled

Facility: 17

Timestamp logging: disabled

Standby logging: disabled

Deny Conn when Queue Full: disabled

Console logging: disabled

Monitor logging: disabled

Buffer logging: list access-list, 14914 messages logged

Trap logging: list permitler, facility 17, 176370 messages logged

Logging to inside 10.129.0.237

Logging to inside SYSLOG

History logging: disabled

Device ID: disabled

Mail logging: disabled

ASDM logging: level informational, class session sys, 90100 messages logged

Can you enable log for 106100?

pix(config)#logging message 106100

This link provides some useful tips:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#use3

We used the same kind of logging on FWSM before, so as far as configuration goes there is nothing missing. However, we had to upgrade our product for FWSM to see this log, since there was a bug for it. It seems a bug exists for ASA also, but I could not find any using the bug tool at cisco.com.

I couldn't find any either. Informational level should be fine, as 106100 (user-defined severity) by default appears at severity level 6.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008051a0cd.html#wp1085819
