10-17-2018 05:45 AM - edited 02-21-2020 08:21 AM
Hi there,
I'm trying to see what traffic is hitting this particular rule:
access-list X line 1 extended permit tcp object-group SRC_X object SRC_X log debugging interval 300 (hitcnt=323) 0xb7788b5f
access-list X line 1 extended permit tcp x.x.x.0 255.255.248.0 host 1.1.1.1 log debugging interval 300 (hitcnt=117) 0xdd1a891c
access-list X line 1 extended permit tcp x.x.x.0 255.255.248.0 host 1.1.1.1 log debugging interval 300 (hitcnt=206) 0x00417bf4
How exactly would I see the debug logs generated for this ACL? I need to see details of the connection allowed through this ACL
Thanks!
10-17-2018 06:23 AM
The ASA is not very good at this. The best method would be to set up a syslog server and log informational messages to it. Then filter on the IPs or subnets you are looking for.
10-17-2018 06:40 AM
Thanks Marius
I've configured syslog servers on the ASDM, with a severity of informational and specific class events of 'session/user session' to debugging. The session/user session syslog message should include message 106100, which should log like:
Error Message %PIX|ASA-6-106100: access-list acl_ID {permitted | denied | est-allowed} protocol interface_name/source_address(source_port) -> interface_name/dest_address(dest_port) hit-cnt number ({first hit | number-second interval}) hash codes
https://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768518
I have of course set the ACL to log at debug.
The problem with this ACL is I've done packet captures, used 'show conn' and used the real time log monitor on the ASDM as well as looking at netstat on the end server - I simply cannot see those connections.
10-17-2018 06:53 AM
You don't see them in the capture either?
If that is the case then this might be being dropped by an interface ACL. Which in itself is another syslog message.
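The filtering suggested in the first reply, applied to the 106100 message format quoted in the follow-up, as an added example that is not part of the original thread. The log lines, interface names, the 10.20.8.0/21 subnet (standing in for the masked x.x.x.0 255.255.248.0) and the function name are constructed for illustration.

```python
import ipaddress
import re

# Message 106100 at any severity: the ACE's "log <level>" keyword sets the
# severity digit, so an ACE with "log debugging" is logged as %ASA-7-106100.
MSG_106100 = re.compile(
    r"%(?:ASA|PIX)-(?P<sev>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[0-9.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[0-9.]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def acl_hits(lines, acl, src_net, dst_host):
    """Return 106100 events for one ACL, limited to a source subnet and destination host."""
    net = ipaddress.ip_network(src_net)
    dst = ipaddress.ip_address(dst_host)
    events = []
    for line in lines:
        m = MSG_106100.search(line)
        if not m or m["acl"] != acl:
            continue  # other message IDs, or 106100 from a different ACL
        if ipaddress.ip_address(m["src"]) in net and ipaddress.ip_address(m["dst"]) == dst:
            events.append({
                "sev": int(m["sev"]), "action": m["action"], "proto": m["proto"],
                "src": m["src"], "sport": int(m["sport"]),
                "dst": m["dst"], "dport": int(m["dport"]), "hits": int(m["hits"]),
            })
    return events

# Constructed sample syslog lines (not taken from a real device)
SAMPLE = [
    "Oct 17 06:41:02 fw1 %ASA-7-106100: access-list X permitted tcp outside/10.20.9.14(51514) -> inside/1.1.1.1(443) hit-cnt 1 first hit [0x0, 0x0]",
    "Oct 17 06:46:02 fw1 %ASA-7-106100: access-list X permitted tcp outside/10.20.9.14(51514) -> inside/1.1.1.1(443) hit-cnt 4 300-second interval [0x0, 0x0]",
    "Oct 17 06:46:10 fw1 %ASA-6-106100: access-list Y denied tcp outside/10.20.9.14(40000) -> inside/1.1.1.1(22) hit-cnt 1 first hit [0x0, 0x0]",
    "Oct 17 06:47:00 fw1 %ASA-6-302013: Built inbound TCP connection 100 for outside:10.20.9.14/51514 (10.20.9.14/51514) to inside:1.1.1.1/443 (1.1.1.1/443)",
    "Oct 17 06:48:00 fw1 %ASA-7-106100: access-list X permitted tcp outside/192.0.2.7(1234) -> inside/1.1.1.1(443) hit-cnt 1 first hit [0x0, 0x0]",
]

if __name__ == "__main__":
    for ev in acl_hits(SAMPLE, "X", "10.20.8.0/21", "1.1.1.1"):
        print(ev)
```

Because the pattern accepts any severity digit, it also shows whether the syslog destination is receiving level 7 messages at all, which it must for an ACE set to `log debugging`.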