Solved: Enable logging on a single rule in ASA

Chess Norris · ‎02-15-2022

Hi,

I am trying to log connections on a specific ace rule in the ASA and wonder if this is possible to do that without first enable the same loggin level globaly?

At the moment I have an ace that looks like this - access-list management_access_in line 8 extended permit ip any any log informational interval 10. I can see connections hitting this rule by searching only for message 106100, but the problem I am having is that this only work after I enable the same logging level globally and the causes the logging buffer to fill up really quick and after about 5 minutes the buffer is full.

A syslog server would solve this problem, but at the moment there is no one in place, so I am looking for a solution where the buffer only save the output from the specific rule I am logging. Is this possible?

Thanks

/Chess

Aref Alsouqi · ‎02-15-2022

You can try to create a logging list with only the messages IDs you want to see on the buffer, in your case would be something similar to this:

logging enable

logging list TEST message 106100

logging buffered TEST

View solution in original post

Aref Alsouqi · ‎02-15-2022

You can try to create a logging list with only the messages IDs you want to see on the buffer, in your case would be something similar to this:

logging enable

logging list TEST message 106100

logging buffered TEST

Chess Norris · ‎02-15-2022

@Aref Alsouqi That was exactly what I was looking for and it seeams to work great. Thank you!!

/Chess