02-16-2011 06:46 AM - edited 03-11-2019 12:51 PM
All,
I have a ton of entries getting logged to my syslog server, but the problem is that I need the particular message that's being logged.
firewall : TCP access denied by ACL from 10.x.x.128/1438 to INSIDE:10.x.x.x/80
I'm not seeing a way of doing this, but is there a way that I can log based off of an ACL? The hit up here is because we have very old systems that have a proxy server set up in their browsers. The old firewall that we replaced acted as a proxy server, but the ASA doesn't do that so we get these hits instead. Is there a way around logging these messages to the syslog server, but log all of the other hits in the same category? Does the 8.x IOS address this?
Thanks,
John
02-16-2011 07:37 AM
You can log the hit on an ACL, for example:
ASA-1(config)# access-l TEST permit tcp any host 172.16.129.1 eq 80 log ?
configure mode commands/options:
  <0-7>          Enter syslog level (0 - 7)
  Default        Keyword for restoring default log behavior (log 106023)
  alerts
  critical
  debugging
  disable        Disable log option on this ACL element, (no log at all)
  emergencies
  errors
  inactive       Keyword for disabling an ACL element
  informational
  interval       Configure log interval, default value is 300 sec
  notifications
  time-range     Keyword for attaching time-range option to this ACL element
  warnings
ASA-1(config)# access-l TEST permit tcp any host 172.16.129.1 eq 80 log notifications
You will get a log message for each hit, or you can set an interval. There you can see the options.
Then you should be able to disable the unwanted log messages.
02-16-2011 10:30 AM
Unfortunately, it's not working. I'm not even getting a hit on it on the ACL. I'm assuming that's because it's to the device and not through it.
What I've done is put the entry on line 3 on my ACL that's on my inside interface:
access-list INSIDE line 3 permit tcp any host 10.125.100.54 eq www log disable
It's still logging to the syslog server.
Thanks,
John
02-16-2011 07:27 PM
I don't think you will be able to stop the logs when going to your ASA and still allow the rest on the same category (same syslog ID).
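Added example, not part of the original thread or Cisco's own code: since the firewall side cannot separate these hits from others with the same syslog ID, one option is to filter on the syslog server instead. The sketch below parses the "access denied by ACL" message text shown in the first post and drops only hits to one destination, counting them per source so the old clients can still be tracked down. The source addresses, the SUPPRESS set and the sample lines are constructed assumptions; 10.125.100.54 port 80 is taken from the ACL entry quoted above.

```python
import re
from collections import Counter

# Message text as shown in the thread; the leading device tag varies by syslog setup.
DENY_RE = re.compile(
    r"(?P<proto>TCP|UDP) access denied by ACL from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<iface>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

# Assumption: the legacy proxy target to silence, as (interface, dest IP, dest port).
SUPPRESS = {("INSIDE", "10.125.100.54", 80)}


def filter_lines(lines, suppress=SUPPRESS):
    """Return (kept_lines, suppressed_hits_per_source).

    Only deny messages whose destination is in `suppress` are dropped;
    every other message, including other denies, passes through unchanged.
    """
    kept, suppressed = [], Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if m and (m["iface"], m["dst"], int(m["dport"])) in suppress:
            suppressed[m["src"]] += 1  # keep a tally instead of losing the event
            continue
        kept.append(line)
    return kept, suppressed


# Constructed sample input (addresses are made up for the example).
SAMPLE = [
    "firewall : TCP access denied by ACL from 10.125.100.128/1438 to INSIDE:10.125.100.54/80",
    "firewall : TCP access denied by ACL from 10.125.100.128/1439 to INSIDE:10.125.100.54/80",
    "firewall : TCP access denied by ACL from 10.125.100.77/2201 to INSIDE:10.125.100.54/23",
    "firewall : TCP access denied by ACL from 192.0.2.9/40112 to OUTSIDE:198.51.100.1/80",
    "firewall : some unrelated message (constructed)",
]

if __name__ == "__main__":
    kept, suppressed = filter_lines(SAMPLE)
    print("\n".join(kept))
    for src, hits in suppressed.most_common():
        print(f"suppressed {hits} proxy hits from {src}")
```

The per-source tally gives a list of machines that still have the old proxy setting, which is the underlying cause described in the first post.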