05-04-2011 01:44 AM - edited 03-11-2019 01:28 PM
Hi,
Is there any possibility to generate a syslog message when a time-based ACL ends?
Example config:
time-range T_Apr27
absolute end 23:59 27 April 2011
!
access-list NAME extended permit tcp host x.x.x.x host y.y.y.y eq 1500 time-range T_Apr27
The rule above ends at "23:59 27 April 2011", and it would be great if I could generate a syslog or SNMP trap when the rule ends.
Any ideas or suggestions?
Thx
05-06-2011 02:50 AM
I did a bit of a recreate for this and I don't think we see any logs for the ACL being expired. We don't get any logs in the ASDM syslog nor through SNMP.
Through SNMP we can just get the details of the active ACL, but not any specific information for an ACL being expired.
Let me know if that helps.
Regards,
Varun
05-06-2011 04:56 AM
Thx for the info.
It doesn't really help, but now I have the confirmation that there is no logging feature for that. :-)
Therefore I have to build a script to parse the FWSM configuration and check which rules are expired.
Thx
sthon
05-06-2011 05:04 AM
Sthon,
Keep me posted regarding it.
Thanx,
Varun
05-06-2011 05:07 AM
Script is up and running and looks like it works.
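One way to do the check discussed in this thread, as an added example that is not the poster's script: it reads `time-range` blocks with an `absolute ... end` line and flags every `access-list` entry whose time-range has ended or is not defined. The function names, the sample addresses and the `T_Open` and `T_Gone` ranges are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the thread's config format (placeholder addresses).
SAMPLE_CONFIG = """\
time-range T_Apr27
 absolute end 23:59 27 April 2011
!
time-range T_Open
 absolute start 08:00 01 May 2011
access-list NAME extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 1500 time-range T_Apr27
access-list NAME extended permit tcp host 192.0.2.11 host 198.51.100.20 eq 443 time-range T_Open
access-list NAME extended permit tcp host 192.0.2.12 host 198.51.100.20 eq 22 time-range T_Gone
"""

END_RE = re.compile(r"\bend\s+(\d{1,2}:\d{2})\s+(\d{1,2})\s+([A-Za-z]{3,})\s+(\d{4})")
ACL_RE = re.compile(r"^access-list\s+\S+\s.*\btime-range\s+(\S+)")

def parse_time_ranges(config):
    """Map time-range name -> absolute end (datetime), or None if it has no end."""
    ranges, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["time-range"] and len(words) == 2:
            current = words[1]
            ranges[current] = None
        elif current and words[:1] == ["absolute"]:
            if m := END_RE.search(line):
                # Cut the month to three letters so %b accepts "April" and "Apr".
                stamp = "{} {} {:.3} {}".format(*m.groups())
                ranges[current] = datetime.strptime(stamp, "%H:%M %d %b %Y")
        elif words[:1] != ["periodic"]:
            current = None  # any other line closes the time-range block
    return ranges

def audit_acls(config, now):
    """Return (status, time_range, line) per time-based entry; `now` is firewall local time."""
    ranges, findings = parse_time_ranges(config), []
    for line in config.splitlines():
        if not (m := ACL_RE.match(line)):
            continue
        name = m.group(1)
        end = ranges.get(name)
        if name not in ranges:
            status = "undefined"
        else:
            status = "expired" if end and end < now else "not-expired"
        findings.append((status, name, line))
    return findings
```

Run from a scheduler against a saved copy of the configuration, the `expired` and `undefined` findings can be forwarded to syslog by the host that runs the script, since the firewall itself does not log the event.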