04-27-2011 12:59 PM - edited 03-11-2019 01:26 PM
I would like to log any outbound FTP traffic at the ASA firewall to a syslog server, and I created the access-list below to log any FTP traffic.
However, the trap logging level is set at warnings (I do not want to log at a lower level).
But I do need to see "informational" logging on FTP traffic.
If I set up the command lines below, it appears I cannot see the FTP traffic on the syslog server; this is probably because the trap logging level is set at warnings.
Is there any way I can still log warning messages to the syslog server but also log informational messages for FTP traffic?
thanks,
________________________________________________________________________
access-list OUTBOUND extended permit tcp any any eq ftp log informational
logging trap warnings
04-27-2011 02:12 PM
Hi Kope,
Each logging message has a default severity level associated with it. You can change that default behavior so that a message is sent based on a configurable severity level instead. For the messages that have a higher default level and that will not be sent, you can reconfigure their level to a lower value.
To change a message's severity level, use the following configuration command:
Firewall(config)# logging message message-number [level level]
In your case you need to configure :
Firewall(config)# logging message 106100 level 4
Regards,
Som
P.S. Please mark this post as resolved if this has answered your question. Do rate the helpful posts.
04-27-2011 02:21 PM
Hi,
My understanding is that you see the messages related to 'ftp' in the ASA local log. If so, one way I can recommend (there may be a different way, but I am not sure..;-)) is using a message list. For this, first find the message IDs for the FTP-related connections from the ASA logs, then create a message list based on them. Ex:
logging list my_CRITICAL level warnings
logging list my_CRITICAL message 111001-111009
logging list my_CRITICAL message 611103
!
logging trap my_CRITICAL
!
This will send 'warning' messages and any log messages whose IDs match 111001-111009 and 611103 as well.
Here is the link:
hth
MS
04-27-2011 02:43 PM
Hi,
If the trap level is set at the "warnings" level, ensure that the message IDs corresponding to the "ftp" transactions are set at the same level.
From your config mode, you can try the following command:
logging message
Believe this helps.
Sam Roberts
04-27-2011 07:57 PM
logging list APR27_2011 level errors
logging list APR27_2011 message 106100
logging buffered APR27_2011
I have this set up as above and it still did not show any message ID 106100; it just showed error-level messages.
Is there anything wrong here?
thanks,
04-27-2011 08:47 PM
Hi Sam,
I also tried as below, but it returned an INFO message...
ASA1(config)# logging message 106100 level 3
INFO: Please use the access-list command to change the severity level of this syslog
ASA1(config)#
Any idea? Thank you.
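The pieces discussed in this thread, pulled together into one ASA configuration fragment. This is an added example, not configuration posted by anyone in the thread. The interface name "inside", the syslog host 192.0.2.10 and the list name FTP_AND_WARNINGS are placeholders. Two prerequisites are easy to miss when only the logging commands are changed: message 106100 is generated only for traffic that matches an access-list entry that carries the "log" keyword and is applied to an interface with "access-group", and its severity is set by that "log" keyword, which is why the ASA rejects "logging message 106100 level ..." with the INFO message shown above.

```cisco
! Added example (not from the thread): keep the global syslog level at warnings
! but also ship the informational ACL-hit message 106100 for FTP.
! Placeholders assumed: interface "inside", syslog host 192.0.2.10.
logging enable
logging timestamp

! 1. The ACE must carry "log". Its severity is chosen here, not with
!    "logging message 106100 level ..." (the ASA rejects that for 106100).
!    Default is informational (6); "interval 300" collapses repeated hits
!    on the same flow into one message per 300 seconds.
access-list OUTBOUND extended permit tcp any any eq ftp log informational interval 300
! Placeholder for the rest of your outbound policy: an applied ACL ends in
! an implicit deny, so without further entries all other outbound traffic drops.
access-list OUTBOUND extended permit ip any any

! 2. 106100 only fires for traffic that actually hits an applied ACL.
access-group OUTBOUND in interface inside

! 3. A message list is a union of its criteria: everything at warnings (4)
!    or more severe, OR message ID 106100 regardless of its own severity.
logging list FTP_AND_WARNINGS level warnings
logging list FTP_AND_WARNINGS message 106100

! 4. Point the destinations at the list instead of a bare severity level.
logging trap FTP_AND_WARNINGS
logging buffered FTP_AND_WARNINGS
logging host inside 192.0.2.10
```

To confirm the list is in effect and the message is being produced, generate an outbound FTP connection through the firewall and check "show logging" (the header shows "Trap logging: list FTP_AND_WARNINGS") and "show logging | include 106100". If nothing appears, verify with "show access-list OUTBOUND" that the FTP entry's hit count is increasing; a zero hit count means the traffic is not matching that ACE, and no logging command will produce the message.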