Interface not displaying logs

sgalloway
Level 1

Hi,

I have a deny acl configured on my Inside Interface with Debug logging enabled and when I view the logging console within the ASDM set to debugging I do not see any entries for this acl ??

It is receiving hits on the acl but does not show any entries in the log ??

Interface Inside

ACL

172.16.4.189 any http deny debugging

Device is a Cisco ASA 5520 , ASDM 6.2(1) and ASA Version 8.2(1)

Any assistance would be greatly appreciated

Accepted Solution

Thanks for the output, that explains why it is not showing you.

You have the following command to disable syslog# 106100 which is what you are after:

no logging message 106100

To reenable logging of syslog# 106100:

logging message 106100

Secondly, your ASDM is only configured with "warnings" (level 4) syslog, while your access-list log is logged under "informational" (level 6), that's why it's not showing up as well. Please modify the logging level for your ASDM to level 6 (informational) as follows:

logging asdm informational

Hope that helps.
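A small checker for the two causes named in this answer, added here as an example (not code from any participant in the thread). It parses the "sh run log" output and the ACE posted further down in the thread (embedded below as sample input) and reports whether syslog 106100 is disabled and whether the ASDM logging level is below the level the ACE logs at.

```python
import re
# Cisco ASA syslog severities, name -> level (0 = emergencies, 7 = debugging).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
ACL_LOG_MSG = "106100"   # raised by an ACE that carries the "log" keyword
ACL_DENY_MSG = "106023"  # raised by a deny ACE without "log" (a level-4 message)

# Sample input: a shortened copy of the "sh run log" output and the ACE from this thread.
SHOW_RUN_LOG = """logging enable
logging asdm warnings
no logging message 106023
no logging message 106100"""
ACE = ("access-list inbound_inside line 7 extended deny tcp host 172.16.4.189 "
       "any eq www log informational interval 1")

def parse_show_run_log(output):
    """Return (disabled syslog ids, {destination: numeric level})."""
    disabled, levels = set(), {}
    for line in output.splitlines():
        m = re.match(r"no logging message (\d+)$", line.strip())
        if m:
            disabled.add(m.group(1))
            continue
        m = re.match(r"logging (buffered|trap|asdm|history|console|monitor) (\w+)$", line.strip())
        if m and m.group(2) in SEVERITY:
            levels[m.group(1)] = SEVERITY[m.group(2)]
    return disabled, levels

def ace_log_level(ace):
    """Level of the 106100 message for an ACE: plain "log" means 6; None when "log" is absent."""
    m = re.search(r"\blog\b(?:\s+(\w+))?", ace)
    if not m:
        return None
    return SEVERITY.get(m.group(1), 6)   # "log interval 1" keeps the default of 6

def why_not_shown(ace, show_run_log, destination="asdm"):
    """List the reasons an ACL hit would not appear at a destination; [] means it should."""
    disabled, levels = parse_show_run_log(show_run_log)
    level = ace_log_level(ace)
    msg_id, level = (ACL_LOG_MSG, level) if level is not None else (ACL_DENY_MSG, 4)
    reasons = []
    if msg_id in disabled:
        reasons.append(f"syslog {msg_id} is disabled; fix: 'logging message {msg_id}'")
    dest = levels.get(destination)
    if dest is None:
        reasons.append(f"no 'logging {destination} <level>' configured")
    elif dest < level:
        reasons.append(f"'logging {destination}' is level {dest} but the message is level {level}")
    return reasons
```

Running `why_not_shown(ACE, SHOW_RUN_LOG)` on the thread's configuration returns both reasons; after applying `logging message 106100` and `logging asdm informational` it returns an empty list.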


15 Replies

Jennifer Halim
Cisco Employee

You should be able to see syslog# 106100 in the logs and it has logging level 6 (informational):

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4769049

However, even without the "log" keyword on access-list entry, it will be logged under syslog# 106023:

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4769021

What logging level have you configured for ASDM logs? As you can configure different logging levels for different logs, it might be that the ASDM logs are not configured at logging level 6.

Also, did you modify the logging level on the actual access-list? By default, if you only have the "log" keyword at the end of the access-list, it is set to logging level 6 (informational). However, if you set the value to debugging (level 7), then you would also need to enable logging level 7 for ASDM logs.

Oh, and also for syslog# 106100, if you don't specify the interval to generate the syslog message, by default it is every 300 seconds, so it is a possibility that you might have missed the first one.


Here is more information on the access-list with log and the interval for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a1.html#wp1559450

I have modified the logging level on the ASDM and the acl to informational and no entries are displaying ?? Only hits against the acl !!

Not too sure if it's something to do with the interface itself ??

The information logs are only showing accessed url and built session logs and only this concurrent deny message of :

Deny inbound protocol 89 on the management interface to 224.0.0.5  ??

There are no other deny entries at all ??

Ahhh... so those are multicast denies. Are you actually running a multicast routing protocol? Because passing multicast through in routed mode is not supported unless the ASA is in transparent mode.

Yeah, those multicast messages are fine.. But I just don't know why other deny messages from within our internal network are not displaying in the logs ??

Messages that should be generated off the "inside" interface are not showing !!!

I modified the specific deny acl to a time range of 1 second but this did not generate anything ??

Can you please share the actual configuration line of access-list, as well as the output of "show run log". Thanks.

screen shots attached !!

Even right clicking on the acl and going to "show log" does not display anything ??

Can you please share the CLI output as advised earlier, i.e. both the ACL line as well as the output of "sh run log". Thanks.

Screenshot unfortunately does not show us the complete config.

And are you also continually sending HTTP traffic from 172.16.4.189 to different destinations?

Hi Jennifer, just left work, will get this to you same time tomorrow !! Thanks for your assistance

Simon Galloway

Systems Administrator

ICT Dept , ACMI , Fedsquare

LAN - 0386632308

MOB - 0412233109

Your interface ACL should look like this:

access-l ANY deny icmp any any log informational

That example shows the syntax with the log option.

Make sure you have that at the end of the ACL and, like Jennifer said, it would be good to see the sh run log and your ACLs.

Here is the acl for this specific traffic that I am trying to test the deny rule with, and also below is the "sh run log" output .. Hopefully you can suggest something that will help me start viewing inside interface log messages

access-list inbound_inside line 7 extended deny tcp host 172.16.4.189 any eq www log informational interval 1

attached is the full Inside Interface ACL List with the above acl on Line 7

firewall# sh run log
logging enable
logging timestamp
logging buffered errors
logging trap warnings
logging history errors
logging asdm warnings
logging mail alerts
logging from-address firewall@acmi.net.au
logging recipient-address simon.galloway@acmi.net.au level errors
logging host inside 172.16.28.32
logging debug-trace
logging permit-hostdown
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020

Also, a note on my previous post: the sh run log output in the ASDM currently says warnings but I have been testing by modifying this to informational with no luck !!!

Hi,

I think I have resolved this by the output of the sh run log, which was displaying what logs were disabled !! I will enable the ones you requested and let you know if this has resolved it !!

SG
