Logging an ACL ACE

10-01-2011 03:29 PM - edited 03-11-2019 02:33 PM
Hello -
I am trying to determine what traffic is going through the firewall using an "access-list outside-in extended ip permit any any" ACE. I want to view these logs using the "show log" command on the ASA itself. I do not have a syslog server set up to view at this point. I am a little confused about what the exact commands should be to get this working. Just throwing the "log" command at the end doesn't display the logs. If someone can show the exact syntax on how I need to configure the ACE and what syslog commands I need to have it show up in the "sh log" buffer, I would appreciate it.
Regards
Chuck
- Labels: NGFW Firewalls

10-01-2011 06:41 PM
Figured this out, folks. I set the ACS to "log 6 interval 300". Then "logging buffered 6". Then I was able to see the permitted flows using "sh log | inc permitted". All the TCP traffic build/teardown messages are in the log too. Is there any way to filter those out so only the "permitted/denied" msgs for the chosen ACE are displayed?
Chuck

10-01-2011 09:23 PM
Hi,
I would say use "log 6 interval 1" and then go to ASDM, right-click on the permit access-rule, select "show logg" and you can see all the traffic hitting the ACL in the ASDM real-time log viewer.
Hope that helps.
Thanks,
Varun
Varun Rao
10-02-2011 03:59 PM
Chuck
I am not sure if this is what you are looking for, but the ASA gives you the ability to configure logging to not generate individual log messages by message ID. If you get the ID for the build and teardown messages then you can configure the ASA to not generate these syslog messages.
HTH
Rick
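
The steps discussed in this thread, collected into one ASA configuration as an added example (not posted by any participant). The list name ACE-HITS is hypothetical, and option 3b (a message list) goes beyond what the replies suggest; it assumes the ACL is already applied to the interface.

```cisco
! Added example: constructed configuration, not taken from the thread.
! The ACL name "outside-in" comes from the question; everything else is assumed.

! 1. Log hits on the permit ACE. With the "log" keyword the ASA reports
!    matches as syslog 106100 at the level given (6 = informational) and
!    re-reports the hit count of an active flow every 300 seconds.
access-list outside-in extended permit ip any any log 6 interval 300

! 2. Enable logging and send level 6 and more severe messages to the
!    internal buffer that "show logging" reads.
logging enable
logging buffered informational

! 3. Keep connection build/teardown messages out of the buffer.
!    Use ONE of the two options below.

! 3a. Approach from the last reply: disable the messages by ID.
!     302013/302014 = TCP connection built/teardown
!     302015/302016 = UDP connection built/teardown
!     This suppresses them for every logging destination, not just the buffer.
no logging message 302013
no logging message 302014
no logging message 302015
no logging message 302016

! 3b. Alternative: leave all messages enabled, but buffer only 106100
!     by pointing the buffer at a message list instead of a severity level.
!     (This replaces the "logging buffered informational" line from step 2.)
logging list ACE-HITS message 106100
logging buffered ACE-HITS

! 4. Verify. The ACL name in each 106100 line identifies which ACL matched.
show logging | include 106100
show logging | include outside-in permitted
```

Option 3a also removes the connection records from any syslog server added later, so 3b is the safer choice when those messages are still wanted for audit or incident response.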
