10-01-2011 03:29 PM - edited 03-11-2019 02:33 PM
Hello -
I am trying to determine what traffic is going through the firewall using an "access-list outside-in extended ip permit any any" ACE. I want to view these logs using the "show log" command on the ASA itself. I do not have a syslog server setup to view at this point. I am a little confused what the exact commands should be to get this working. Just throwing the "log" command at the end doesn't display the logs. If someone can show the exact syntax on how I need to configure the ACE and what syslog commands I need to have it show up on the "sh log" buffer I would appreciate it.
Regards
Chuck
10-01-2011 06:41 PM
Figured this out folks. I set the ACE to "log 6 interval 300". Then "logging buffered 6". Then I was able to see the permitted flows using "sh log | inc permitted". All the TCP traffic build/teardown messages are in the log too. Is there any way to filter those out so only the "permitted/denied" msgs for the chosen ACE are displayed?
Chuck
10-01-2011 09:23 PM
Hi,
I would say use "log 6 interval 1" and then go to ASDM, right click on the permit access-rule, select "show logg" and you can see all the traffic hitting the acl in the asdm real time log viewer.
Hope that helps.
Thanks,
Varun
10-02-2011 03:59 PM
Chuck
I am not sure if this is what you are looking for, but the ASA gives you the ability to configure logging to not generate individual log messages by message ID. If you get the ID for the build and teardown messages then you can configure the ASA to not generate these syslog messages.
HTH
Rick
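Added example, not from anyone in this thread: a small Python filter for pasted "show logging" buffer output that keeps only the 106100 access-list hit messages for one named ACL and drops the 302013/302014 TCP build/teardown lines Chuck asked about. The message IDs are the standard ASA ones; the sample log text and the ACL names are constructed.

```python
import re

# Constructed sample of "show logging" buffer output (not from the thread).
# 106100 = ACL hit message produced by the "log" keyword on an ACE;
# 302013/302014 = TCP connection build/teardown (the noise to filter out).
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:192.0.2.10/443 (192.0.2.10/443)
%ASA-6-106100: access-list outside-in permitted tcp outside/203.0.113.5(51234) -> inside/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-302014: Teardown TCP connection 12345 for outside:203.0.113.5/51234 to inside:192.0.2.10/443 duration 0:00:05 bytes 1234 TCP FINs
%ASA-6-106100: access-list outside-in denied udp outside/198.51.100.7(5000) -> inside/192.0.2.20(161) hit-cnt 3 300-second interval [0x5e6f7a8b, 0x0]
%ASA-6-106100: access-list mgmt-in permitted tcp inside/192.0.2.30(40000) -> outside/203.0.113.9(22) hit-cnt 1 first hit [0x9abc1234, 0x0]
"""

# Fields of the 106100 message: ACL name, action, protocol, src/dst interface,
# address and port, and the hit counter reported for the logging interval.
ACL_HIT = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<src_if>[^/]+)/(?P<src>[^(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

def acl_hits(log_text, acl_name):
    """Return the 106100 hit records for acl_name; every other line
    (build/teardown, other ACLs) is dropped."""
    hits = []
    for line in log_text.splitlines():
        m = ACL_HIT.search(line)
        if m and m.group("acl") == acl_name:
            rec = m.groupdict()
            rec["hits"] = int(rec["hits"])
            hits.append(rec)
    return hits

def summarize(hits):
    """Total permitted vs denied packets (by hit-cnt) for one ACL."""
    totals = {"permitted": 0, "denied": 0, "est-allowed": 0}
    for h in hits:
        totals[h["action"]] += h["hits"]
    return totals

if __name__ == "__main__":
    for h in acl_hits(SAMPLE_LOG, "outside-in"):
        print(f"{h['action']:9} {h['proto']} {h['src']}:{h['sport']} -> {h['dst']}:{h['dport']} x{h['hits']}")
    print(summarize(acl_hits(SAMPLE_LOG, "outside-in")))
```

Rick's device-side alternative is "no logging message 302013" and "no logging message 302014", which stops the ASA generating those build/teardown messages at all rather than filtering them afterwards.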