
ASA ACE syslog problem

Hi,

I have a problem with syslog logging on my Cisco ASA 5510 version 8.2(1).

I need to:

- 1) log some ACLs with warning level to log denied access

- 2) log some ACLs with informational level to log permitted and denied access (notification level logs only denied access and not permitted access)

- 3) not log other ACLs

For 1), I configured the syslog server with warnings level and I enabled the logging rules with default level (syslog default level)

logging enable

logging trap warnings

logging host "interface" "host"

access-list "interface" extended permit ip any any log default

    

For 2), I enabled the logging rules with specific level (informational).

          access-list "interface" extended permit ip any any log 6 interval 300

For 3), I disabled the logging rules

          access-list "interface" extended permit ip any any log disable

My problem is that the syslog logging level bypasses the ACL logging level.

Even if some ACLs are configured with informational level, the ASA sends only warnings logs to the syslog.

I tried to configure the syslog default level to warnings, to remove the ACL and then put it back again with the specific logging level but I still have the problem.

Thanks in advance for your help

Francois


Hi,

Can someone help me?

As the syslog logging filter bypasses the ACL logging levels, I have to configure the syslog logging filter to informational to have informational logs for my specific ACLs.

Therefore, I have too many logs...

The solution of rebuilding the ACL after having changed the syslog default level doesn't work.

My temporary solution is to configure the syslog logging filter to informational and to disable the useless syslog IDs in syslog setup.

Thanks in advance for your help.

Francois.

Were you able to solve this problem? I have the same issue. The no-log statement doesn't work on the ACL line.
