how to setup syslogging to capture ip connection log

creedonjm · ‎06-16-2016

I have a Cisco ASA (8.2(5)59) that I would like to setup a log to track all in bound connections but I can't seem to find out how to do so without having Debugging turned on and even at that I am not certain I am getting what I need. Is there a step by step how to to get this enabled, either CLI or ASDM.

Thanks

Aditya Ganjoo · ‎06-16-2016

Hi,

I would suggest to go for real time ASDM logging or you can set up a syslog server.

logging enable

logging buffered debugging

logging asdm debugging

logging trap debugging

logging host <interface name> <syslog server IP>

Regards,

Aditya

Please rate helpful posts and mark correct answers.

creedonjm · ‎06-17-2016

Thank you for the response. I am seeing connection information. Maybe I'm not understanding what I am seeing. I see messages like:

06-17-2016 09:39:19 Local0.Info 10.0.2.1 Jun 17 2016 09:39:18: %ASA-6-305012: Teardown dynamic TCP translation from inside:10.0.0.1/46604 to Outside:123.123.123.123/64363 duration 0:01:47

(123.123.123.123 being my public IP)

I was hoping to see a list of

10.0.0.1/port to <some sever out in the world's IP>

Maybe I need filtering, this is a start and I thank you for your assistance.

Aditya Ganjoo · ‎06-17-2016

Hi,

You should be able to see all the connections now.

Try going to the monitoring tab on the ASDM and check real time logs.

They are pretty handy and give you an option to filter it on basis of IP/username etc.

Regards,

Aditya

Please rate helpful posts and mark correct answers.