Re: FWSM, ASA: time based acl - generate logging when it ends

sthon-dbsys · ‎05-04-2011

Hi,

is there any possibillity to generate a syslog message, if a time based acl ends ?

example config:

time-range T_Apr27

absolute end 23:59 27 April 2011

!

access-list NAME extended permit tcp host x.x.x.x host y.y.y.y eq 1500 time-range T_Apr27

the rule above ends the " 23:59 27 April 2011" and it would be great if I could generate a syslog or snmp trap when the rule ends.

Any ideas or suggestions ?

thx

varrao · ‎05-06-2011

I did a bit of recreate for this thing and I dont thinks so we see any logs for the ACL being expired. We dont get any logs in the ASDM syslog nor through snmp.

Through SNMP we can just get the details of the active ACL, but not get any specific information for an ACL being expired.

Let me know if that helps.

Regards,

Varun

Thanks,
Varun Rao

sthon-dbsys · ‎05-06-2011

thx for the info

it doesn´t really helps, but now I have the confirmation that ther is no logging feature for that. :-)

Therefore I have to build a script to parse the fwsm configuration and check which rules are expired

thx

sthon

varrao · ‎05-06-2011

Sthon,

Keep me posted regarding it.

Thanx,

Varun

Thanks,
Varun Rao

sthon-dbsys · ‎05-06-2011

script is up and running and looks like it works