ASA ACL logging

Chekol Retta
Level 1

Hello 

I have an access-list with permit ip any any at the bottom configured and applied to an interface. The reason I am permitting any traffic at the bottom is to not adversely affect legitimate traffic until I know the environment. When I do show access-list, the hit count for ip any any increments, but I don't see the source and destination IP addresses hitting the access-list. Is this not the best way to see what is hitting the access-list?

3 Replies

Aditya Ganjoo
Cisco Employee

Hi,

You can check the real-time logging on the ASDM for real-time hits.

Go to the monitoring tab on the ASDM and click on logging tab.

Alternatively, you can use the logging keyword in the ACL statement as well:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_logging.html

hostname(config)# access-list TEST permit ip any any log

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Hi Aditya

Yes, the ACL is configured with the log keyword at the end. I also have permit ip 10.0.0.0 255.255.0.0 10.10.0.0 255.255.0.0 log 7 and permit tcp 192.168.0.0 255.255.255.0 10.10.0.0 255.255.0.0 log configured. None of them shows the detail.

Hi,

Can you share the output of sh run logging?

sh logging should typically show it if logging is enabled.

Regards,

Aditya

Please rate helpful posts and mark correct answers.
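The following is an added example of the logging configuration the replies above are asking about; it is not from the original thread or from Cisco documentation. The ACL name TEST and interface name inside are assumptions; the networks are the ones quoted in the thread. Two behaviours matter here: show access-list only keeps an aggregate hit counter per ACE and never records addresses, so the source and destination only ever appear in the syslog message 106100 that the log keyword generates; and an ACE written as "log 7" emits that message at level 7 (debugging), so it is silently discarded by a logging destination capped at informational (6), which is the level a bare "log" uses by default.

```text
! Added example, not the original poster's configuration.
! Assumptions: ACL name TEST, interface name inside.
hostname(config)# logging enable
hostname(config)# logging timestamp
! Buffer at debugging so that "log 7" ACEs are kept, not just the level-6 default.
hostname(config)# logging buffered debugging
hostname(config)# logging buffer-size 1048576
! Optional: stream the same messages to the current SSH/console session.
hostname(config)# logging monitor debugging
! Default ACE level is 6 (informational). "interval" is how often the ASA
! re-reports the same flow (default 300 s): expect one 106100 line per flow
! per interval with a hit-cnt, not one line per packet.
hostname(config)# access-list TEST extended permit ip 10.0.0.0 255.255.0.0 10.10.0.0 255.255.0.0 log 7
hostname(config)# access-list TEST extended permit tcp 192.168.0.0 255.255.255.0 10.10.0.0 255.255.0.0 log
hostname(config)# access-list TEST extended permit ip any any log interval 60
hostname(config)# access-group TEST in interface inside
hostname(config)# exit
! Verify the logging configuration, then pull only the ACL-hit messages.
hostname# show run logging
hostname# terminal monitor
hostname# show logging | include 106100
```

Each 106100 line names the ACL, the action (permitted or denied), protocol, ingress interface, source address and port, destination address and port, and the hit count for that interval, which is the per-flow detail that show access-list cannot provide. Once the environment is understood, drop the interval on the permit ip any any entry back to the default or remove the log keyword from it, since logging every new flow on a catch-all ACE is the fastest way to fill the buffer and push the interesting entries out.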
