debug/log for security rule

tato386
Level 6

I have a security rule that prevents outbound SMTP connections from LAN IPs. This rule was inserted because it seems we have some infected PCs that are trying to send mail. Is there a way I can see what IPs are being denied the outbound SMTP so I can find and clean up the PCs?

Rgds,

Diego

2 Replies

Jon Marshall
Hall of Fame

Diego

Yes, you need to enable logging on the firewall (assuming it's a firewall). Packets being denied are logged at severity level 3 - see attached link.

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1159278

You can either view the logs in the firewall buffer or better yet configure the firewall to send the logs to a syslog server if you have one.

Jon

If I use syslog, is there a way of sending just the denies of the one rule to the syslog server? If not, and the ASA sends all data to the syslog, I would think that sorting through the logs for only the denies of this one particular rule would be quite a mission.

Thanks,

Diego
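
Added example, not part of the original thread: once the denies reach a syslog server, a short script can pull out only the denied outbound SMTP attempts for one access list and count them per LAN source IP. It assumes the deny lines follow the `Deny tcp src if:ip/port dst if:ip/port by access-group "name"` layout; the ACL name `inside_access_in`, the host `fw1` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of an access-list deny line; adjust to what your firewall emits.
DENY_RE = re.compile(
    r'%(?:ASA|PIX)-\d-\d+: Deny tcp '
    r'src (?P<sif>[^:\s]+):(?P<sip>\d+\.\d+\.\d+\.\d+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dip>\d+\.\d+\.\d+\.\d+)/(?P<dport>\d+)'
    r'(?: by access-group "(?P<acl>[^"]+)")?'
)

# Constructed sample syslog lines (documentation/private addresses), not real traffic.
SAMPLE_LOG = """\
Mar 03 10:01:02 fw1 %ASA-4-106023: Deny tcp src inside:192.168.1.23/49152 dst outside:203.0.113.10/25 by access-group "inside_access_in" [0x0, 0x0]
Mar 03 10:01:05 fw1 %ASA-4-106023: Deny tcp src inside:192.168.1.23/49153 dst outside:198.51.100.7/25 by access-group "inside_access_in" [0x0, 0x0]
Mar 03 10:01:09 fw1 %ASA-4-106023: Deny tcp src inside:192.168.1.57/50211 dst outside:203.0.113.10/25 by access-group "inside_access_in" [0x0, 0x0]
Mar 03 10:02:11 fw1 %ASA-4-106023: Deny tcp src inside:192.168.1.40/50900 dst outside:203.0.113.10/445 by access-group "inside_access_in" [0x0, 0x0]
Mar 03 10:02:30 fw1 %ASA-4-106023: Deny tcp src dmz:10.0.0.5/40000 dst outside:203.0.113.10/25 by access-group "dmz_in" [0x0, 0x0]
Mar 03 10:03:00 fw1 %ASA-6-302013: Built outbound TCP connection 1 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.40/50901 (192.168.1.40/50901)
"""


def smtp_deny_sources(lines, acl=None, port=25):
    """Count denied TCP connections to `port` per source IP.

    If `acl` is given, only denies attributed to that access-group are counted.
    """
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m or int(m["dport"]) != port:
            continue  # not a TCP deny, or not aimed at the SMTP port
        if acl and m["acl"] != acl:
            continue  # denied by a different rule set
        hits[m["sip"]] += 1
    return hits


if __name__ == "__main__":
    # Replace SAMPLE_LOG.splitlines() with open("/path/to/firewall.log") for real data.
    counts = smtp_deny_sources(SAMPLE_LOG.splitlines(), acl="inside_access_in")
    for ip, n in counts.most_common():
        print(f"{ip}\t{n} denied SMTP attempts")
```

The hosts at the top of the output are the ones generating the most blocked SMTP traffic and are the first candidates to inspect.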
