02-25-2009 03:58 AM - edited 03-11-2019 07:56 AM
Hi All,
Has anyone ever setup their ASA to log to an external server what traffic is going flowing thorough access-lists?
I dont want to have to analyse the traffic with capture as i would prefer to let the logs build up over a couple of weeks.
I want to harden rule base as IP is allowed between various networks. To achieve this succesfully I want to log the access-lists externally so I dont miss any tcp/udp ports etc
Thanks
Solved! Go to Solution.
02-25-2009 09:08 PM
the "test" is like a filter for what messages one wants to see on the syslog server.
the below link should help you understand better
http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924
darkbeatz,
you can add the keyword "log" to any number of ACE's in your ACL and analyze it on the syslog.
HTH
Vikram
02-25-2009 04:37 AM
do these steps
1) logging on
2) logging list test message 106100
3) logging trap test
4) logging host <
106100 - gives you ports and protocols for the permitted traffic , I have tried this config by having an " access-list inside permit ip any any log " to analyze what kind of traffic is traversing the firewall.
you can find the complete list of syslog message numbers here
http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/syslog.html
HTH
Vikram
02-25-2009 04:54 AM
Thanks Vikram.
Does test in this command refer to an access-list called test?
02-25-2009 06:34 AM
let me be more clear.
Does the logging analyse all access-lists on the firewall or can I specifically monitor each acl
thanks
02-25-2009 09:08 PM
the "test" is like a filter for what messages one wants to see on the syslog server.
the below link should help you understand better
http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924
darkbeatz,
you can add the keyword "log" to any number of ACE's in your ACL and analyze it on the syslog.
HTH
Vikram
02-26-2009 01:36 AM
Superb thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide