Solved: Re: ASA5516 Firewall

Lake · ‎04-30-2018

Hi Guys,

Can someone please confirm if the commands below has allowed traffic from the firewall to our syslog server? I was told by someone that only denied traffic is being logged.

no logging hide username
logging buffer-size 1000000
logging monitor debugging
logging buffered informational
logging trap warnings
logging host inside xx.xx.xx.xx

Any help will be greatly appreciated.

Thanks,

Lake

Marvin Rhoads · ‎04-30-2018

the line "logging trap warnings" controls what messages are sent to your syslog server. Warning (level 5) messages would not by default include all tcp connections and udp flows. For that, the setting would need to be "logging trap informational" to get those messages which are normally level 6. i.e. messages beginning like:

%ASA-6-302013: Built inbound TCP connection...

%ASA-6-302014: Teardown TCP connection...

Note the number "6" in those two messages which indicates the level they are (by default).

View solution in original post

Marvin Rhoads · ‎04-30-2018

the line "logging trap warnings" controls what messages are sent to your syslog server. Warning (level 5) messages would not by default include all tcp connections and udp flows. For that, the setting would need to be "logging trap informational" to get those messages which are normally level 6. i.e. messages beginning like:

%ASA-6-302013: Built inbound TCP connection...

%ASA-6-302014: Teardown TCP connection...

Note the number "6" in those two messages which indicates the level they are (by default).

Lake · ‎05-01-2018

Thank you very much, Marvin. I truly appreciate your help.

Regards,

Lake