Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1828
Views
0
Helpful
4
Replies

Logging event for individual permit statement

jamie.gleeson
Level 1
Level 1

‎10-18-2019 12:01 PM - edited ‎02-21-2020 09:36 AM

I am trying to get a permit statement to log an event to a syslog server. Other events from the ASA are showing in the syslog server. I changed the logging level on the permit statement to Warnings but it did not help.

 

Permit statement:

access-list EOrg_access_in extended permit ip any any log warnings

 

Logging config:

 

ASA-15# sh run | i logging
logging enable
logging timestamp
logging standby
logging buffered notifications
logging trap informational
logging history informational
logging asdm notifications
logging host Default_VRF 1.1.1.1
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020

 

ASA-15# sh logging
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Hide Username logging: enabled
Standby logging: enabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level notifications, 5137167 messages logged
Trap logging: level informational, facility 20, 6837647 messages logged
Logging to Default_VRF 1.1.1.1
Permit-hostdown logging: disabled
History logging: level informational, 6551457 messages logged
Device ID: disabled
Mail logging: disabled
ASDM logging: level notifications, 5137167 messages logged
configured rate is 10; Current average rate is 86 per second, max configured rate is 5; Cumulative total count is 51975

 

0 Helpful
4 Replies 4

Jaderson Pessoa
VIP Alumni
VIP Alumni

‎10-18-2019 12:47 PM

logging host Default_VRF 1.1.1.1: why vrf?

if you change just to loggin host 1.1.1.1, what happens?
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

jamie.gleeson
Level 1
Level 1
In response to Jaderson Pessoa

‎10-21-2019 07:23 AM

We use the firewall between different VRF's. In this case the "Default_VRF" is the interface on the ASA to the VRF where the syslog server resides. The ASA is sending properly to the syslog server as I can see some messages. I just can't seem to get this permit rule to log when it is hit.

0 Helpful

Marius Gunnerud
VIP
VIP

‎10-19-2019 01:31 PM

which event are you trying to log to the syslog server?

 

logging host Default_VRF 1.1.1.1: why vrf?

Default_VRF is the interface name where the logging server is reached by.  If you just input logging host 1.1.1.1 you will get an error message.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

jamie.gleeson
Level 1
Level 1
In response to Marius Gunnerud

‎10-21-2019 07:25 AM

access-list EOrg_access_in extended permit ip any any

 

I am trying to log the above permit statement.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card