cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
779
Views
0
Helpful
3
Replies

Not able to see traffic on real time monitering on ASDM

Asim Afzal
Level 1
Level 1

                   HI,

I have configured a policy to allow a traffic and logging is enabled but when i see on real time monitering on ASA i can only see deny traffic not the traffic which is allowed by that permit policy.

Any body can advice on this

System image file is "disk0:/asa823-k8.bin"

3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

You  might have set your logging level to "notifications"

The ASA doesnt by default show any messages for allowed connections. It just logs the connection forming/teardown and the same for the translation of that connection. Or have you perhaps tried to add some logging parameters in the ACL rules?

Check the logging configurations with "show run logging"

To enable the logging of connection/translation forming on the firewall you can use these commands

logging asdm informational

logging trap informational

logging buffered informational

  • asdm = For ASDM logging level
  • trap = For Syslog server logging level
  • buffered = For the firewall own buffer logging level

Depending on the size of your network and the amount of connections setting these settings to "informational" might generate quite a bit of logs.

The ASDM should default to a logging level usually that shows the messages you need I think

- Jouni

Below is the configuration

logging enable

logging timestamp

logging standby

logging buffer-size 1048576

logging monitor informational

logging buffered informational

logging asdm informational

Hi,

With that configurations you should see connection forming on the ASDM side

Messages like (connection forming and teardown)

%ASA-6-302013: Built outbound TCP connection

%ASA-6-302014: Teardown TCP connection

%ASA-6-302015: Built outbound UDP connection

%ASA-6-302016: Teardown UDP connection

Have you configured logging parameters on the ACL rule lines? The ACL rule has the following parameter option

log

(Optional) Sets logging options when a ACE  matches a packet for network access (an access list applied with the  access-group command). If you enter the log keyword without any  arguments, you enable system log message 106100 at the default level (6)  and for the default interval (300 seconds). If you do not enter the log  keyword, then the default system log message 106023 is generated.

And after this the possibility to use

level

(Optional) Sets the system log message 106100 severity level from 0 to 7. The default level is 6 (informational).

Have you disabled any log messages?

With the very basic logging configuration you should have any problem see connections forming and being torn down on the firewall ASDM logs. If you want to see allowed connections based on ACL rules then I think you need to use the "log" parameters at the end of the ACL rule possibly.

To my understanding Cisco firewalls dont by default view any messages of connections allowed by an ACL. They however show connections blocked by ACL or otherwise.

- Jouni

Review Cisco Networking for a $25 gift card