07-18-2011 07:03 AM - edited 03-11-2019 02:00 PM
Hi All,
I need some assistance trying to see what the actual hits are on a specific ruleset on an ASA firewall.
We created a rule required by the server engineers for the specific services and ports required. However, they were still not able to access or log in even though we added the specified ports.
We then created a rule below it matching the first rule but allowing ip/any, and the service now works and we see lots of hits on the second ip/any rule.
How can we actually see what the hits are, like source and destination IPs, ports, etc.?
We do have a syslog server in the environment but this logs actual ASA logs, how do we see the hits on the actual rule?
Thanks
ZS
12-31-2013 07:35 AM
Hello,
I was having a similar issue and this thread led me in the right direction. I know it's probably a little late since this post was over 2 years ago but I wanted to share in case anyone else is stuck.
In ASDM I was able to right-click the rule, check "enable logging", and set the logging level to Debugging. I then set the logging level for syslog to debugging. On the rule I right-clicked and selected "show log". From the real-time log view the rule marker automatically populated in the filter-by box (ex. 0xbad3f8d). I took this marker and searched through our syslog server for it. The entries with the marker matched the hits on the firewall.
I hope this helps!
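An added example, not from the thread or from Cisco: a small Python parser that does the "search the syslog server for the marker" step from the answer above. It assumes the ASA 106100 per-ACE syslog format (access-list name, action, protocol, interface/address(port) pairs, hit count and the ACE hash codes in brackets) and uses constructed sample lines, with the thread's marker 0xbad3f8d standing in for the rule's hash.

```python
import re
from collections import Counter

# ASA 106100 body: access-list <acl> <action> <proto> <in_if>/<src>(<sport>) -> <out_if>/<dst>(<dport>)
#                  hit-cnt <n> (first hit | <n>-second interval) [<hash1>, <hash2>]
ACL_HIT_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<in_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<out_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+) "
    r".*?\[(?P<hash1>0x[0-9a-fA-F]+), (?P<hash2>0x[0-9a-fA-F]+)\]"
)

# Constructed sample syslog (not real logs); 0xbad3f8d is the ACE marker quoted in the thread.
SAMPLE_SYSLOG = """\
Jul 18 07:03:01 fw01 %ASA-6-106100: access-list inside_in permitted tcp inside/10.1.1.5(4523) -> dmz/10.2.0.10(445) hit-cnt 1 first hit [0xbad3f8d, 0x0]
Jul 18 07:03:02 fw01 %ASA-6-106100: access-list inside_in permitted tcp inside/10.1.1.5(4524) -> dmz/10.2.0.10(88) hit-cnt 3 300-second interval [0xbad3f8d, 0x0]
Jul 18 07:03:03 fw01 %ASA-6-302013: Built outbound TCP connection 12345 for dmz:10.2.0.10/445 (10.2.0.10/445) to inside:10.1.1.5/4523 (10.1.1.5/4523)
Jul 18 07:03:04 fw01 %ASA-6-106100: access-list inside_in permitted udp inside/10.1.1.7(50000) -> dmz/10.2.0.10(389) hit-cnt 1 first hit [0xbad3f8d, 0x0]
Jul 18 07:03:05 fw01 %ASA-6-106100: access-list inside_in denied tcp inside/10.1.1.9(3333) -> dmz/10.2.0.11(23) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
"""

def parse_acl_hits(text):
    """Return one dict per 106100 line; other message IDs (e.g. 302013) are skipped."""
    out = []
    for line in text.splitlines():
        m = ACL_HIT_RE.search(line)
        if m:
            d = m.groupdict()
            d["hits"] = int(d["hits"])
            out.append(d)
    return out

def flows_for_rule(text, ace_hash):
    """Total hits for one ACE (selected by its hash marker), keyed by proto/src/dst/dport."""
    counts = Counter()
    for h in parse_acl_hits(text):
        if h["hash1"].lower() == ace_hash.lower():
            counts[(h["proto"], h["src"], h["dst"], int(h["dport"]))] += h["hits"]
    return counts

def ports_hit(text, ace_hash):
    """Distinct proto/dport pairs seen on the rule: the services the narrower rule must cover."""
    return sorted({(proto, dport) for (proto, _, _, dport) in flows_for_rule(text, ace_hash)})

if __name__ == "__main__":
    for flow, n in sorted(flows_for_rule(SAMPLE_SYSLOG, "0xbad3f8d").items()):
        print(f"{flow[0]:4} {flow[1]:>15} -> {flow[2]:>15}:{flow[3]:<5} hits={n}")
    print("services on rule:", ports_hit(SAMPLE_SYSLOG, "0xbad3f8d"))
```

Run it against an export from the syslog server filtered on the marker, and the proto/dport list is exactly what the first, narrower rule was missing.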
06-18-2019 12:42 AM
6 years later, your post actually helped me ;-)