
logging in ASA

kope
Level 1

I would like to log any FTP traffic outbound at the ASA firewall to a syslog server, and I created an access-list as below to log any FTP traffic.

However, the trap logging level is set at warnings (I do not want it logged at a lower level).

But I do need to see "informational" logging on FTP traffic.

If I set up the command line below, it appears I cannot see the FTP traffic on the syslog; this is probably due to the trap logging being set at warnings.

Is there any way I can still log warning messages to the syslog server while also being able to log informational messages on FTP traffic?

thanks,

________________________________________________________________________

access-list OUTBOUND extended permit tcp any any eq ftp log informational

logging trap warnings

5 Replies

Somanna M.P
Cisco Employee

Hi Kope,

Each logging message has a default severity level associated with it. You can change that default behavior so that a message is sent based on a configurable severity level instead. For the messages that have a higher default level and that will not be sent, you can reconfigure their level to a lower value.

To change a message's severity level, use the following configuration command:

Firewall(config)# logging message message-number [level level]


In your case you need to configure:


Firewall(config)# logging message 106100 level 4

Regards,


Som

P.S. Please mark this post as resolved if this has answered your question. Do rate the helpful posts.


mvsheik123
Level 7

Hi,

My understanding is that you see the messages related to 'ftp' in the ASA local log. If so, one way I can recommend (there may be a different way, but I am not sure..;-)) is using the message list. For this, first find the message IDs for the FTP-related connections from the ASA logs, then create a message list based on that. Example:

logging list my_CRITICAL level warnings

logging list my_CRITICAL message 111001-111009
logging list my_CRITICAL message 611103

!

logging trap my_CRITICAL

!

This will send 'warning' messages and any log messages whose IDs match 111001-111009 and 611103 as well.

Here is the link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

hth

MS

sam-roberts
Level 1

Hi,

If the trap level is set at the "warnings" level, ensure that the message IDs corresponding to the "ftp" transactions are set at the same level.

From your config mode, you can try the following command:

logging message warnings


Believe this helps.

Sam Roberts

logging list APR27_2011 level errors
logging list APR27_2011 message 106100
logging buffered APR27_2011

I have this set up as above and it still did not show any message ID 106100; it just showed error-level messages.

Is there anything wrong here?

thanks,


Hi Sam,

I also tried as below, but return with an INFO message...

ASA1(config)# logging message 106100 level 3
INFO: Please use the access-list command to change the severity level of this syslog
ASA1(config)#

Any idea...thank you
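
As an added example (not code from any poster in this thread or from Cisco): a small Python model of the destination filter discussed above, run over constructed syslog lines. It assumes the rule mvsheik123 describes (a logging list passes a message that meets its level or matches one of its message IDs) and that the ACE's `log` level sets the severity shown in the 106100 line; `parse`, `delivered` and the sample lines are hypothetical names and constructed data.

```python
import re

# Severity names accepted by ASA logging commands, mapped to syslog numbers.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# ASA syslog header: %ASA-<severity>-<message id>:
HEADER = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}):")

# Constructed sample messages (addresses, ports and hash fields are made up).
ACE_INFORMATIONAL = ("%ASA-6-106100: access-list OUTBOUND permitted tcp "
                     "inside/10.1.1.20(51514) -> outside/198.51.100.7(21) "
                     "hit-cnt 1 first hit [0x0, 0x0]")
# The same ACE hit if the ACE were configured with 'log warnings' instead.
ACE_WARNINGS = ACE_INFORMATIONAL.replace("%ASA-6-", "%ASA-4-")
SAMPLE = [
    ACE_INFORMATIONAL,
    '%ASA-4-106023: Deny tcp src outside:203.0.113.9/4431 dst '
    'inside:10.1.1.20/22 by access-group "INBOUND" [0x0, 0x0]',
    "%ASA-6-302013: Built outbound TCP connection 101 for "
    "outside:198.51.100.7/21 (198.51.100.7/21) to inside:10.1.1.20/51514 "
    "(10.1.1.20/51514)",
]


def parse(line):
    """Return (severity, message_id) from an ASA syslog line, or None."""
    m = HEADER.search(line)
    return (int(m["sev"]), int(m["id"])) if m else None


def delivered(lines, level=None, id_ranges=()):
    """Message IDs that pass a destination filter (hypothetical model).

    level     -- severity name, as in 'logging trap warnings' or
                 'logging list NAME level warnings'
    id_ranges -- (low, high) pairs, as in 'logging list NAME message 106100'
    A message passes if either criterion matches.
    """
    out = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        sev, msg_id = parsed
        by_level = level is not None and sev <= LEVELS[level]
        by_id = any(lo <= msg_id <= hi for lo, hi in id_ranges)
        if by_level or by_id:
            out.append(msg_id)
    return out
```

With `level="warnings"` alone the informational 106100 line is filtered out; adding `id_ranges=[(106100, 106100)]`, or feeding the `ACE_WARNINGS` variant, lets it through without admitting the other informational message.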
