02-15-2022 12:55 AM
Hi,
I am trying to log connections on a specific ACE rule in the ASA and wonder if it is possible to do that without first enabling the same logging level globally?
At the moment I have an ACE that looks like this - access-list management_access_in line 8 extended permit ip any any log informational interval 10. I can see connections hitting this rule by searching only for message 106100, but the problem I am having is that this only works after I enable the same logging level globally, and that causes the logging buffer to fill up really quickly, and after about 5 minutes the buffer is full.
A syslog server would solve this problem, but at the moment there is none in place, so I am looking for a solution where the buffer only saves the output from the specific rule I am logging. Is this possible?
Thanks
/Chess
02-15-2022 01:37 AM
You can try to create a logging list with only the message IDs you want to see in the buffer; in your case it would be something similar to this:
logging enable
logging list TEST message 106100
logging buffered TEST
02-15-2022 01:54 AM
@Aref Alsouqi That was exactly what I was looking for and it seems to work great. Thank you!!
/Chess