
Taking out Any Any hitting logs

Lahiruk
Level 1

Hi All,

 

I have deployed a Cisco 2100 series ASA in multi-context mode, and it contains an any any rule in some contexts. So I need to take out all the traffic logs which are hitting the any any rule.

Any idea how to take logs for each any any rule? I need to remove this rule before it goes live.

 

 

-Dil


9 Replies

balaji.bandi
Hall of Fame

Have you configured an external log server to log these? If not, you will not be able to get that information.

If you would like to have all the logs, configure a syslog server and route the logs to the log server.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi BB,

 

I have not configured an external server yet, and hope to configure one.

I just need to take out the traffic logs which are hitting only the any any ACLs.

 

 

Regards,

Dilk

Sure, you can configure only those logs to export to the syslog server.

BB


Hi 

 

My rule number is 56 for the Any Any ACL. How can I create an event for getting logs related to this rule only? Please send me how to configure it.

I need to capture the source and destination with ports which are hitting rule number 56 only.

I have configured a syslog server also.

 

regards,

Dilk

logging enable
logging timestamp
logging message 106100
! use "logging trap debugging" instead, depending on your requirement
logging trap informational
logging host MANAGEMENT 10.10.10.10
!
access-list 56 XXXXXXX any any log

Checking logs:

show logging message 106100

Here is the guide:

 

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc27

 

Make sure you have the syslog server running and you have an ACL set up on the ASA for that syslog host, port 514.

BB


Disable logging on all access control entries except the permit ip any any ACL. This can be done in ASDM by unchecking the logging enable check box in each ACL or adding the keywords "logging disable" at the end of each access control entry in the CLI.

--
Please remember to select a correct answer and rate helpful posts

Thanks All,

I found a way to collect it from the ASDM itself.

1. Enable debugging in the particular ACL
2. Go to Configuration ⇒ Device Management ⇒ Logging ⇒ Logging Filters ⇒ select the logging destination as ASDM and change the severity level to debugging
3. Go back again to the ACL ⇒ right-click ⇒ and select Show Log

Regards,
Dilk

As far as I know, that log is current only until the buffer overflows; that does not cover the history of the logs.

As per your original post, you would like to log them and analyse them for later use (correct me if my understanding was wrong)?

BB


Thanks, BB, for your response. For the time being I had to analyze real-time traffic. Later I will configure for old traffic using a syslog server.

Thanks for your answers

Regards,
Dilk
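
An added example, not part of the original thread or any Cisco tooling: once syslog 106100 messages for the any any entry reach the syslog server, as in the logging configuration posted above, a short script can reduce them to the distinct flows that specific rules must cover before the any any rule is removed. The ACL id 56 comes from the thread; the function name, sample log lines and addresses are constructed, and the script assumes one message per line in the documented 106100 layout.

```python
import re
from collections import Counter

# Documented 106100 layout:
#   access-list <acl> <action> <proto> <if>/<src>(<sport>) -> <if>/<dst>(<dport>) hit-cnt <n> ...
# Newer releases may append "(user)" after the source; it is skipped.
LINE_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) [^/\s]+/(?P<src>[^(\s]+)\((?P<sport>\d+)\)(?:\([^)]*\))? -> "
    r"[^/\s]+/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

def summarize(lines, acl):
    """Sum hit counts per (proto, src, dst, dport) flow permitted by `acl`.
    Source ports are dropped because they are ephemeral."""
    flows = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["acl"] != acl or m["action"] != "permitted":
            continue  # other message ids, other ACLs, or denies
        flows[(m["proto"], m["src"], m["dst"], int(m["dport"]))] += int(m["hits"])
    return flows

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    "Mar 04 2021 10:15:02 fw1 : %ASA-6-106100: access-list 56 permitted tcp "
    "inside/192.0.2.10(51514) -> outside/198.51.100.20(443) hit-cnt 1 first hit [0x0, 0x0]",
    "Mar 04 2021 10:20:02 fw1 : %ASA-6-106100: access-list 56 permitted tcp "
    "inside/192.0.2.10(51620) -> outside/198.51.100.20(443) hit-cnt 4 300-second interval [0x0, 0x0]",
    "Mar 04 2021 10:21:40 fw1 : %ASA-6-106100: access-list 56 permitted udp "
    "inside/192.0.2.11(40000) -> outside/203.0.113.53(53) hit-cnt 1 first hit [0x0, 0x0]",
    "Mar 04 2021 10:22:10 fw1 : %ASA-6-106100: access-list 10 permitted tcp "
    "inside/192.0.2.12(50000) -> outside/198.51.100.20(22) hit-cnt 1 first hit [0x0, 0x0]",
    "Mar 04 2021 10:23:00 fw1 : %ASA-6-106100: access-list 56 denied tcp "
    "outside/203.0.113.9(41000) -> inside/192.0.2.10(23) hit-cnt 1 first hit [0x0, 0x0]",
    "Mar 04 2021 10:23:05 fw1 : %ASA-6-302013: Built outbound TCP connection 1 for "
    "outside:198.51.100.20/443 to inside:192.0.2.10/51700",
]

if __name__ == "__main__":
    # Busiest flows first: these are the candidates for explicit permit entries.
    for (proto, src, dst, dport), hits in summarize(SAMPLE, "56").most_common():
        print(f"{hits:>5}  {proto}  {src} -> {dst}:{dport}")
```

Run it over the real log file by passing `open(path)` instead of `SAMPLE`; any flow that never appears over a representative period is not relying on the any any entry.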