06-18-2010 01:12 AM - edited 03-11-2019 11:00 AM
Hello,
Can I be alerted when a rule is used on my ASA 5520? I do have a syslog server, but don't know how to getthis alert in there or if it's the best way?
Thanks
06-18-2010 07:40 AM
If you have the "log" keyword at the end of your access-list, it will be logged as a syslog message. It's syslog message# 106100:
http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4769049
You can send those syslog messages to a syslog server.
Example:
logging enable
logging list acl-list message 106100-106100
logging trap acl-list
logging host
Hope that helps.
06-18-2010 11:45 AM
Additionally, you can send that specific syslog out as an e-mail from the ASA. It just depends what you are looking for.
Let us know if this answers your question, or if you have a follow-up.
Sincerely,
David.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide