view what happen to my network?

superlubis · ‎10-11-2012

I have asa as a gateway to internet, can i have a complete view or log traffic flow through my asa, i already try netflow but what i see is top-n traffic not all traffic.

Thx

Karsten Iwen · ‎10-11-2012

You can use syslog to send all the connection-logs to an internal server (I would use a linux-box with syslog-ng). There you have all sessions that were used through the ASA. On the server you can search or filter these logs with your native tools (grep, tail, etc.). If you need more comfort there are several commercial solutions available.

logging enable

logging timestamp

logging trap informational

logging device-id hostname

logging host inside YOUR-LOG-HOST-IP

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

superlubis · ‎10-11-2012

That will send all informational level log, can i just send ip src and port and dest ip port for traffic analysis?

Thx

Karsten Iwen · ‎10-11-2012

That will be a little bit tricky. You can disable specific messages or change the severity-level of the logging to fit your needs. But the easiest will probably be to filter the messages on your syslog-server.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni