03-12-2013 04:21 PM - edited 03-11-2019 06:13 PM
Hello,
I'm wondering if there is a better way to show the logging in the realtime logger. Currently it only shows outbound NAT translations and nothing more:
severity, date, time, syslog id, source ip, source port, destination ip, destination port, description
6 Mar 12 2013 18:17:49 305011 172.16.0.101 62193 216.2.7.68 62193 Built dynamic UDP translation from inside:172.16.0.101/62193 to outside:216.2.7.68/62193
I would like to be able to view the destination IP that 172.16.0.101 is trying to reach and not just my public IP address, but to do this I have to use the packet capture wizard each time and open up Wireshark each time to view the traffic. There must be a better way.
Thanks,
Dan.
03-12-2013 04:55 PM
Check for these logs, "ASA-6-302013"
ASA-6-302013: Built {inbound|outbound} TCP connection_id for interface:real-address/real-port (mapped-address/mapped-port) to interface:real-address/real-port (mapped-address/mapped-port) [(user)]
03-12-2013 05:12 PM
I see none of those. Only ASA-6-305011 Built and ASA-6-305012 Teardown.
And all of these messages only show my private IP and my public IP, not the actual destination.
03-12-2013 05:14 PM
Mind sharing the output of the "show run logging" command from the ASA?
03-12-2013 05:19 PM
logging enable
logging timestamp
logging trap warnings
logging asdm informational
logging facility 19
logging host inside 10.5.0.166
logging permit-hostdown
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
I see now what I need to do... Any reason why this would be this way? Is it a good idea to leave some of these?
03-12-2013 05:28 PM
Some people prefer to stop logging certain messages when they get a lot of information or just a lot of logs.
Depending on the scenario, too many logs can represent a problem with CPU resources and sometimes bandwidth.
If you know your network like you know your Facebook contacts [insert laughs here], I would recommend you leave it like this until you understand the real purpose of the commands or have a little chat with the person that configured the unit.
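Added example (not part of the original thread and not Cisco's code): a small Python check that reads "show run logging" output and reports which connection build/teardown messages (302013 through 302021) are disabled, and which logging destinations are set below informational and so would not receive those severity-6 messages even once re-enabled. The SAMPLE string reproduces the configuration posted above; the function and variable names are illustrative.

```python
import re

# Severity keywords for "logging <destination> <level>" (0 is most severe).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
LEVELS.update({str(n): n for n in range(8)})  # numeric levels are accepted too

# Severity-6 connection messages; these carry the real destination address.
CONN_MSGS = {
    "302013": "Built TCP connection", "302014": "Teardown TCP connection",
    "302015": "Built UDP connection", "302016": "Teardown UDP connection",
    "302017": "Built GRE connection", "302018": "Teardown GRE connection",
    "302020": "Built ICMP connection", "302021": "Teardown ICMP connection",
}
CONN_SEVERITY = 6

def audit_logging(config):
    """Return disabled IDs, disabled connection IDs, and destinations whose
    level is too low to receive severity-6 connection messages."""
    disabled, dest_level = set(), {}
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"no logging message (\d+)", line)
        if m:
            disabled.add(m.group(1))
            continue
        m = re.fullmatch(r"logging (trap|asdm|buffered|console|monitor) (\w+)", line)
        if m and m.group(2) in LEVELS:
            dest_level[m.group(1)] = LEVELS[m.group(2)]
    return {
        "disabled": sorted(disabled),
        "suppressed_conn": sorted(disabled.intersection(CONN_MSGS)),
        "below_informational": sorted(d for d, l in dest_level.items() if l < CONN_SEVERITY),
    }

# Constructed sample: the "show run logging" output posted in this thread.
SAMPLE = "\n".join(
    ["logging enable", "logging timestamp", "logging trap warnings",
     "logging asdm informational", "logging facility 19",
     "logging host inside 10.5.0.166", "logging permit-hostdown"]
    + ["no logging message " + i for i in
       "106015 313001 313008 106023 710003 106100 302015 302014 "
       "302013 302018 302017 302016 302021 302020".split()])

if __name__ == "__main__":
    report = audit_logging(SAMPLE)
    for mid in report["suppressed_conn"]:
        print(f"{mid} disabled: no '{CONN_MSGS[mid]}' events")
    for dest in report["below_informational"]:
        print(f"logging {dest} is below informational: severity-6 events never reach it")
```

On the posted configuration this reports all eight connection messages as disabled and flags the trap destination, since "logging trap warnings" stops at severity 4.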