Show logs generated by a rule

dgoswick · ‎02-27-2009

While using ASDM 5.2 for our PIX's and FWSM, I noticed that within the Access Rules, under Security Policy, right clicking on the Access Rule brought up the option to 'Show Log'. The pop up description of this function says "Show logs generated by this rule". If I click on it, it opens the Real-time Log Viewer with the ACL's unique identifier in the filter. It looks something like, '0x3ffd520f'. However, none of the events contain this identifier. This would be useful if we could turn it on. How do we include this identifier in our logs?

Many thanks.

ben.posner · ‎11-05-2009

I was confused by this as well but figured it out after some tinkering. the real-time log viewer isn't brining up a history, it's bringing up a viewer for any NEW hits for that particular rule. Try it with something like a rule for RDP and then initiate a connection and it should show in the window.

Show logs generated by a rule

Secure Firewall (FTD) : Snort 3 : Custom Local Snort Rule の作成例と動作確認

FMC API | ACP - Delete disabled rules and generate report.

Access Policy Rules API is now available!

WSA: Access Logs/W3C Logsの匿名化

ND: /logs/k8_infra/eventmonitoring ディレクトリの使用率が 100% になる