04-24-2012 01:35 PM - edited 03-11-2019 03:57 PM
Hi,
How do get the ASA to log access denied events to the ASDM and syslog server? I have another ASA which will log any attempts made that have no access as error and then I pick them up on the syslog server, but can't get this other ASA to do this, any ideas?
The ASDM never seems to syslog ID 106023 as error.
Thanks
04-24-2012 04:13 PM
Per the log message reference that message should be logged at severity 4, warning.
Assuming your have ASDM logging set to level 4 (or greater) - e.g. "logging asdm 4" - and haven't addded a "no log message 106023" or similar command, that message should be logged to ASDM.
04-25-2012 12:32 AM
This is what I have:
logging enable
logging timestamp
logging standby
logging buffer-size 200000
logging console errors
logging monitor errors
logging buffered critical
logging trap errors
logging asdm errors
logging facility 16
logging device-id hostname
logging host inside 192.168.2.129
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
logging message 315011 level alerts
logging message 713167 level critical
logging message 106010 level warnings
logging message 106006 level errors
logging message 713121 level errors
logging message 713120 level errors
logging message 713124 level errors
logging message 725001 level warnings
logging message 725002 level warnings
logging message 725003 level warnings
logging message 713135 level errors
logging message 606002 level critical
logging message 606001 level critical
logging message 106023 level errors
logging message 106021 level warnings
logging message 713119 level critical
logging message 713066 level errors
logging message 113019 level critical
logging message 113009 level critical
logging message 113008 level critical
logging message 710003 level alerts
logging message 113015 level alerts
logging message 113005 level critical
logging message 113004 level critical
logging message 713050 level errors
logging message 611102 level alerts
logging message 605005 level critical
logging message 713052 level errors
logging message 605004 level critical
logging message 111008 level alerts
logging message 716039 level critical
logging message 716038 level critical
logging message 716001 level critical
04-25-2012 12:40 AM
Hi,
Seems you do have the "no" command for that syslog message ID.
Marked BOLD RED
logging enable
logging timestamp
logging standby
logging buffer-size 200000
logging console errors
logging monitor errors
logging buffered critical
logging trap errors
logging asdm errors
logging facility 16
logging device-id hostname
logging host inside 192.168.2.129
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
logging message 315011 level alerts
logging message 713167 level critical
logging message 106010 level warnings
logging message 106006 level errors
logging message 713121 level errors
logging message 713120 level errors
logging message 713124 level errors
logging message 725001 level warnings
logging message 725002 level warnings
logging message 725003 level warnings
logging message 713135 level errors
logging message 606002 level critical
logging message 606001 level critical
logging message 106023 level errors
logging message 106021 level warnings
logging message 713119 level critical
logging message 713066 level errors
logging message 113019 level critical
logging message 113009 level critical
logging message 113008 level critical
logging message 710003 level alerts
logging message 113015 level alerts
logging message 113005 level critical
logging message 113004 level critical
logging message 713050 level errors
logging message 611102 level alerts
logging message 605005 level critical
logging message 713052 level errors
logging message 605004 level critical
logging message 111008 level alerts
logging message 716039 level critical
logging message 716038 level critical
logging message 716001 level critical
- Jouni
04-25-2012 12:54 AM
Wow I'm stupid, I just couldn't see it.
Thanks guys
04-25-2012 04:17 AM
You're welcome. Please mark your question as answered and rate the posts if they helped.
04-25-2012 12:55 AM
Also,
I think you need to change the "logging" configurations
logging trap errors
logging asdm errors
to "notifications" atleast
- Jouni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide