ASA - can I log all denied attempts from outside interface?

Andy White
Level 3

Hello,

How do I know if someone has attempted to hack into my ASA from the outside?  I understand the firewall drops the traffic if the rules don't apply, but I was wondering if there is a way of logging attempts on any ports on the ASA against the outside interface (so anyone from the internet) to our syslog server then I can generate reports and alerts from there.

We have a number of public IP addresses that the ASA NATs to various servers. Can these also be monitored?

What options do I have?

Many thanks in advance for your time spent looking at my issue.

3 Replies

varrao
Level 10

Hi Andy,

Lots of options here:

First being, setting up a syslog server, you would need the following config for it.

logging host
logging trap 7
logging facility 20

Install a syslog server on a machine, like Kiwi Syslog Server.

Or

In the ASDM, go to the Access Rules; you would see a deny ACL right at the bottom. Whenever you see hit counts increasing on it, just right-click -> Show Log -> the ASDM real-time log viewer would pop up, and you can see real-time logs of the traffic being denied by the firewall.

These docs might help you:

http://www.cisco.com/en/US/customer/docs/security/asa/asa83/system/message/logsevp.html

and

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
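Once the ASA is exporting syslog as described in the reply above, the "generate reports and alerts" part of the question is done on the syslog server side. The following is an added example, not code from Varun's reply or from Cisco: a small Python script that reads ASA deny messages (message IDs 106023, packet denied by an access-group ACL, and 106001, inbound TCP connection denied, both in Cisco's documented formats), keeps only those that arrived on the outside interface, and counts denied attempts per source IP and per destination IP/port, which covers the NATed public addresses as well since they show up as destinations. The function names, the port-sweep threshold and the sample log lines are all constructed for this example. Note that 106023 is severity 4, so the ASA's logging trap level must be 4 (warnings) or higher for those messages to reach the syslog host; the `logging trap 7` in the reply exports everything.

```python
import re
from collections import Counter, defaultdict

# Message 106023 (severity 4): packet denied by an access-group ACL. Port is absent for ICMP,
# which instead carries "(type N, code M)" before "by access-group".
DENY_ACL = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[\w-]+):(?P<src>[\d.]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dst_if>[\w-]+):(?P<dst>[\d.]+)(?:/(?P<dport>\d+))?'
    r'(?: \(type \d+, code \d+\))? by access-group "(?P<acl>[^"]+)"'
)
# Message 106001 (severity 2): inbound TCP connection denied (no permitting rule or translation).
DENY_INBOUND = re.compile(
    r'%ASA-\d-106001: Inbound (?P<proto>\w+) connection denied '
    r'from (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'flags .*? on interface (?P<src_if>[\w-]+)'
)


def parse_deny(line):
    """Return a dict describing a denied packet, or None if the line is not a deny message."""
    for rx in (DENY_ACL, DENY_INBOUND):
        m = rx.search(line)
        if m:
            ev = m.groupdict()
            ev["proto"] = ev["proto"].lower()          # 106001 prints "TCP", 106023 prints "tcp"
            ev["dport"] = int(ev["dport"]) if ev.get("dport") else None
            return ev
    return None


def summarize(lines, interface="outside"):
    """Aggregate denies that arrived on `interface`: hits per source IP, hits per
    (destination IP, protocol, port), and the set of destination ports each source touched."""
    by_source = Counter()
    by_target = Counter()
    ports_per_source = defaultdict(set)
    for line in lines:
        ev = parse_deny(line)
        if ev is None or ev["src_if"] != interface:
            continue                                   # not a deny, or not from the outside
        by_source[ev["src"]] += 1
        by_target[(ev["dst"], ev["proto"], ev["dport"])] += 1
        ports_per_source[ev["src"]].add(ev["dport"])
    return by_source, by_target, ports_per_source


def alerts(ports_per_source, min_distinct_ports=5):
    """Sources denied on at least `min_distinct_ports` different ports: a simple port-sweep
    heuristic for alerting. The threshold is an arbitrary choice; tune it to your own traffic."""
    return sorted(src for src, ports in ports_per_source.items() if len(ports) >= min_distinct_ports)


# Constructed sample syslog lines (not from a real device), with the timestamp prefix the ASA
# adds when "logging timestamp" is enabled. 10.0.0.7 is an inside host and must not be counted.
SAMPLE_LOG = [
    'Mar 12 2012 14:03:21: %ASA-4-106023: Deny tcp src outside:203.0.113.5/51234 dst inside:198.51.100.10/22 by access-group "outside_access_in" [0x0, 0x0]',
    'Mar 12 2012 14:03:22: %ASA-4-106023: Deny tcp src outside:203.0.113.5/51235 dst inside:198.51.100.10/23 by access-group "outside_access_in" [0x0, 0x0]',
    'Mar 12 2012 14:03:22: %ASA-4-106023: Deny tcp src outside:203.0.113.5/51236 dst inside:198.51.100.10/445 by access-group "outside_access_in" [0x0, 0x0]',
    'Mar 12 2012 14:03:23: %ASA-4-106023: Deny tcp src outside:203.0.113.5/51237 dst inside:198.51.100.10/8080 by access-group "outside_access_in" [0x0, 0x0]',
    'Mar 12 2012 14:03:24: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.5/45000 to 198.51.100.10/3389 flags SYN on interface outside',
    'Mar 12 2012 14:03:30: %ASA-4-106023: Deny icmp src outside:203.0.113.9 dst inside:198.51.100.10 (type 8, code 0) by access-group "outside_access_in" [0x0, 0x0]',
    'Mar 12 2012 14:03:31: %ASA-4-106023: Deny udp src inside:10.0.0.7/5353 dst outside:224.0.0.251/5353 by access-group "inside_access_in" [0x0, 0x0]',
    'Mar 12 2012 14:03:32: %ASA-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.20/40000 (203.0.113.20/40000) to inside:198.51.100.10/443 (198.51.100.10/443)',
]

if __name__ == "__main__":
    by_source, by_target, ports = summarize(SAMPLE_LOG)
    for src, n in by_source.most_common():
        touched = sorted(p for p in ports[src] if p is not None)
        print(f"{src}: {n} denied, ports {touched}")
    for (dst, proto, port), n in by_target.most_common():
        print(f"  -> {dst} {proto}/{port}: {n}")
    print("alert (possible sweep):", alerts(ports))
```

In practice the `SAMPLE_LOG` list is replaced by tailing the file the syslog server writes; the per-destination counter is what answers the NATed-servers question, since every public address the ASA translates appears there as a destination once its rule denies something.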

I see an implicit deny at the bottom of my outside account list but it doesn't have a hit count next to it, should it?

If this gets hit, then it would show a hit count.

Varun

Thanks,
Varun Rao