03-05-2013 04:58 AM - edited 03-11-2019 06:10 PM
Hi,
I have configured a policy to allow traffic and logging is enabled, but when I look at real-time monitoring on the ASA I can only see denied traffic, not the traffic which is allowed by that permit policy.
Can anybody advise on this?
System image file is "disk0:/asa823-k8.bin"
03-05-2013 05:06 AM
Hi,
You might have set your logging level to "notifications"
The ASA doesn't by default show any messages for allowed connections. It just logs the connection forming/teardown and the same for the translation of that connection. Or have you perhaps tried to add some logging parameters in the ACL rules?
Check the logging configurations with "show run logging"
To enable the logging of connection/translation forming on the firewall you can use these commands
logging asdm informational
logging trap informational
logging buffered informational
Depending on the size of your network and the amount of connections setting these settings to "informational" might generate quite a bit of logs.
The ASDM should default to a logging level usually that shows the messages you need I think
- Jouni
03-05-2013 05:27 AM
Below is the configuration
logging enable
logging timestamp
logging standby
logging buffer-size 1048576
logging monitor informational
logging buffered informational
logging asdm informational
03-05-2013 05:43 AM
Hi,
With that configuration you should see connections forming on the ASDM side.
Messages like (connection forming and teardown)
%ASA-6-302013: Built outbound TCP connection
%ASA-6-302014: Teardown TCP connection
%ASA-6-302015: Built outbound UDP connection
%ASA-6-302016: Teardown UDP connection
Have you configured logging parameters on the ACL rule lines? The ACL rule has the following parameter option
log
(Optional) Sets logging options when an ACE matches a packet for network access (an access list applied with the access-group command). If you enter the log keyword without any arguments, you enable system log message 106100 at the default level (6) and for the default interval (300 seconds). If you do not enter the log keyword, then the default system log message 106023 is generated.
And after this the possibility to use
level
(Optional) Sets the system log message 106100 severity level from 0 to 7. The default level is 6 (informational).
Have you disabled any log messages?
With the very basic logging configuration you shouldn't have any problem seeing connections forming and being torn down in the firewall's ASDM logs. If you want to see allowed connections based on ACL rules then I think you need to use the "log" parameters at the end of the ACL rule possibly.
To my understanding Cisco firewalls don't by default show any messages for connections allowed by an ACL. They do however show connections blocked by an ACL or otherwise.
- Jouni
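The two points in this thread, that a destination only shows messages at or below its configured level and that allowed traffic appears as 302013-302016 connection messages (or as 106100 only when the ACE carries the "log" keyword) rather than as a permit message, can be checked against a log export. The following Python script is an added example, not code from the thread or from Cisco: it parses ASA syslog lines, classifies them by message ID, and reports what each "logging <destination> <level>" setting would let through. The sample lines are constructed (RFC 5737 addresses, invented connection IDs and timestamps); their layout follows the ASA message formats but they are not from the poster's device.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ASA logging level keywords, index == numeric severity, as used in
# "logging asdm informational", "logging buffered informational", etc.
LEVEL_KEYWORDS = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# Message IDs discussed in the thread: connection build/teardown and the two ACL messages.
CONNECTION_IDS = {
    "302013": "built TCP connection",
    "302014": "teardown TCP connection",
    "302015": "built UDP connection",
    "302016": "teardown UDP connection",
}
ACL_IDS = {
    "106023": "packet denied by ACL (generated without any 'log' keyword)",
    "106100": "ACE match (only emitted for ACL lines carrying the 'log' keyword)",
}

# %ASA-<severity>-<six-digit id>: <text>
SYSLOG_RE = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)$")


@dataclass
class AsaMessage:
    severity: int
    msg_id: str
    text: str

    def category(self) -> str:
        if self.msg_id in CONNECTION_IDS:
            return "connection"
        if self.msg_id in ACL_IDS:
            return "acl"
        return "other"


def parse_line(line: str) -> Optional[AsaMessage]:
    """Parse one syslog line; None for lines that are not ASA messages."""
    m = SYSLOG_RE.search(line)
    if not m:
        return None
    return AsaMessage(int(m.group("sev")), m.group("id"), m.group("text"))


def level_number(keyword: str) -> int:
    """Numeric severity for a 'logging <dest> <keyword>' level."""
    return LEVEL_KEYWORDS.index(keyword)


def visible_at(level_keyword: str, messages: List[AsaMessage]) -> List[AsaMessage]:
    """Messages a destination configured at level_keyword would actually display."""
    threshold = level_number(level_keyword)
    return [m for m in messages if m.severity <= threshold]


def summarize(lines: List[str], level_keyword: str) -> Dict[str, int]:
    """Count visible messages per category for a given destination level."""
    msgs = [m for m in map(parse_line, lines) if m is not None]
    counts = {"connection": 0, "acl": 0, "other": 0}
    for m in visible_at(level_keyword, msgs):
        counts[m.category()] += 1
    return counts


# Constructed sample export (not real device output). Severities match the ASA
# defaults for these IDs: 302013/302014/106100 are level 6, 106023 is level 4,
# 609001 (host bookkeeping) is level 7.
SAMPLE_LOG = [
    'Mar 05 2013 05:30:01: %ASA-6-302013: Built outbound TCP connection 1001 for '
    'outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.0.2.10/52001 (198.51.100.1/52001)',
    'Mar 05 2013 05:30:02: %ASA-6-106100: access-list inside_in permitted tcp '
    'inside/192.0.2.10(52001) -> outside/203.0.113.5(443) hit-cnt 1 first hit [0x0, 0x0]',
    'Mar 05 2013 05:30:05: %ASA-4-106023: Deny tcp src outside:203.0.113.9/40001 '
    'dst inside:192.0.2.10/23 by access-group "outside_in" [0x0, 0x0]',
    'Mar 05 2013 05:30:09: %ASA-6-302014: Teardown TCP connection 1001 for '
    'outside:203.0.113.5/443 to inside:192.0.2.10/52001 duration 0:00:08 bytes 4120 TCP FINs',
    'Mar 05 2013 05:30:10: %ASA-7-609001: Built local-host inside:192.0.2.10',
]

if __name__ == "__main__":
    # At "notifications" only the deny is visible; at "informational" the allowed
    # flow shows up as build/teardown plus the 106100 ACE hit.
    for kw in ("notifications", "informational", "debugging"):
        print(f"{kw:14s} {summarize(SAMPLE_LOG, kw)}")
```

Running it against a real "show logging" export (after `logging buffered informational`) gives a quick answer to the original question: if the connection counter is zero at "informational" but non-zero at "debugging", the destination level is the problem; if it is zero at every level, the messages are being suppressed or the traffic never matched the permit ACE.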