07-30-2008 08:20 AM - edited 03-11-2019 06:22 AM
Hi...
I have an ASA 5540, and I'm testing the logging.
When I telnet (port 23) to my internal interface, the log shows me that the connection was denied. All right.
But, when I telnet with another port, for example 5858, the log doesn't show me anything.
Why?
Is this a normal behavior?
Thanks
08-02-2008 06:43 PM
Hi,
I am assuming the syslog message that you're referring to is %ASA-3-710003. According to the ASA syslog documentation:
"This message is displayed when the security appliance denies an attempt to connect to the interface service."
So, I think that we will only see %ASA-3-710003 messages for attempted connections on ports that the firewall is running a particular service on (i.e. 21, 23, 80, 443). For other ports, such as 5858, you'll see %ASA-7-710005 messages instead.
Hope that helps.
-Mike
08-04-2008 05:05 AM
Hi, Robertson and Farrukh
When I telnet (port 23) I see 710003 denied access... OK.
But when I telnet with another port, I didn't see the 710005, like you said.
I'm logging at Debugging level at ASDM.
08-03-2008 06:45 PM
At what level are you logging (check this with the show logging output)? It could be the other syslogs are at a higher level. The ASA generates a syslog for each permit/deny (at least on the first packet of each flow), even though this could be indicated through different syslog messages/levels.
Regards
Farrukh
08-04-2008 05:26 AM
Hi, Robertson and Farrukh
When I telnet (port 23) I see 710003 denied access... OK.
But when I telnet with another port, I didn't see the 710005, like you said.
I'm logging at Debugging level at ASDM.
08-04-2008 08:44 AM
Ok you won't see 710005, but you will see another syslog.
Regards
Farrukh
08-04-2008 09:45 AM
Hi Farrukh,
is it possible to see 710005?
Thanks
08-04-2008 09:47 AM
Hi,
You should see 710005 if you are logging at the debugging level.
Could you post the output of 'show run | inc logging' from your ASA?
-Mike
08-04-2008 09:53 AM
Hi Mike...
see output:
logging enable
logging monitor informational
logging trap informational
logging asdm informational
logging host LAN 172.x.x.x
I think I figured out the error. Should the configuration be set to "debugging"?
08-04-2008 09:55 AM
Yes you are absolutely correct. The 710005 messages will only be seen if you are logging at the "debugging" (7) level. Your ASDM logging is set to the "informational" (6) level. You'll need to issue the following command:
ASA(config)# logging asdm debugging
Give that a try and let me know if it works.
-Mike
08-04-2008 10:32 AM
Hi Mike...
Now it's working fine... I can see the ASA denying my telnet connection at port 5858.
Thank you...
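The level check that resolved this thread, as an added example that is not part of the original posts: it reads the `show run | inc logging` output posted above and reports which logging destinations would display %ASA-3-710003 and %ASA-7-710005. The function names are hypothetical, and it assumes the messages keep the severity encoded in their tag (no per-message level override).

```python
import re

# ASA severity keywords and their numeric levels (0 = most severe).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6,
          "debugging": 7}

# Destinations whose threshold is set with "logging <dest> <level>".
DESTINATIONS = ("console", "monitor", "buffered", "trap", "asdm")

# Severity digit and six-digit message ID inside a tag such as %ASA-7-710005.
MSG_RE = re.compile(r"%ASA-(\d)-(\d{6})")


def parse_thresholds(config_text):
    """Return {destination: numeric level} from 'show run | inc logging' text."""
    thresholds = {}
    for line in config_text.splitlines():
        words = line.split()
        if len(words) == 3 and words[0] == "logging" and words[1] in DESTINATIONS:
            level = words[2]
            thresholds[words[1]] = int(level) if level.isdigit() else LEVELS[level]
    return thresholds


def visible_at(message_tag, thresholds):
    """Return the sorted destinations that would display the given message tag."""
    match = MSG_RE.search(message_tag)
    if not match:
        raise ValueError(f"not an ASA syslog tag: {message_tag!r}")
    severity = int(match.group(1))
    # A destination shows a message only if its severity number <= the threshold.
    return sorted(d for d, limit in thresholds.items() if severity <= limit)


# Configuration exactly as posted in the thread (address left elided).
POSTED = """logging enable
logging monitor informational
logging trap informational
logging asdm informational
logging host LAN 172.x.x.x"""

if __name__ == "__main__":
    before = parse_thresholds(POSTED)
    # Same configuration after applying "logging asdm debugging".
    after = parse_thresholds(POSTED.replace("asdm informational", "asdm debugging"))
    for tag in ("%ASA-3-710003", "%ASA-7-710005"):
        print(tag, "before:", visible_at(tag, before), "after:", visible_at(tag, after))
```

Only the ASDM destination gains the level 7 message after the change; the monitor and trap destinations stay at informational and still will not show 710005.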