10-11-2012 12:50 AM - edited 03-11-2019 05:07 PM
I have an ASA as a gateway to the Internet. Can I have a complete view or log of the traffic flowing through my ASA? I already tried NetFlow, but what I see is top-N traffic, not all traffic.
Thx
10-11-2012 04:25 AM
You can use syslog to send all the connection logs to an internal server (I would use a Linux box with syslog-ng). There you have all sessions that were used through the ASA. On the server you can search or filter these logs with your native tools (grep, tail, etc.). If you need more comfort there are several commercial solutions available.
logging enable
logging timestamp
logging trap informational
logging device-id hostname
logging host inside YOUR-LOG-HOST-IP
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
10-11-2012 05:39 AM
That will send all informational-level logs. Can I just send the source IP and port and the destination IP and port for traffic analysis?
Thx
10-11-2012 06:06 AM
That will be a little bit tricky. You can disable specific messages or change the severity-level of the logging to fit your needs. But the easiest will probably be to filter the messages on your syslog-server.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
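One way to do the server-side filtering suggested in the reply above, as an added example that is not part of the original thread: a small Python filter that keeps only the connection-built messages and reduces each to protocol, source IP/port and destination IP/port. It assumes the usual layout of ASA messages 302013 (TCP) and 302015 (UDP) and that "outbound" means the host after "to" opened the connection; the names `parse_flow`, `flows` and `SAMPLE` are hypothetical and the sample log lines are constructed.

```python
import re
import sys

# Assumed layout of the connection-built messages (302013 = TCP, 302015 = UDP):
#   Built {inbound|outbound} {TCP|UDP} connection <id>
#   for <if>:<ip>/<port> (<mapped>) to <if>:<ip>/<port> (<mapped>)
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for [^:\s]+:(?P<f_ip>[^/\s]+)/(?P<f_port>\d+) \([^)]*\) "
    r"to [^:\s]+:(?P<t_ip>[^/\s]+)/(?P<t_port>\d+)"
)

def parse_flow(line):
    """Return (proto, src_ip, src_port, dst_ip, dst_port), or None for other messages."""
    m = BUILT.search(line)
    if not m:
        return None
    first = (m["f_ip"], int(m["f_port"]))    # address after "for"
    second = (m["t_ip"], int(m["t_port"]))   # address after "to"
    # Assumption: for "outbound" the initiator is the "to" side,
    # for "inbound" it is the "for" side.
    src, dst = (second, first) if m["dir"] == "outbound" else (first, second)
    return (m["proto"], src[0], src[1], dst[0], dst[1])

def flows(lines):
    """Keep only lines that describe a new connection, reduced to 5-tuples."""
    return [f for f in map(parse_flow, lines) if f]

# Constructed sample lines (documentation addresses), not real log data.
SAMPLE = [
    "Oct 11 2012 06:10:01 asa-gw : %ASA-6-302013: Built outbound TCP connection 1001 "
    "for outside:198.51.100.20/443 (198.51.100.20/443) "
    "to inside:192.168.1.10/51234 (203.0.113.5/51234)",
    "Oct 11 2012 06:10:02 asa-gw : %ASA-6-302015: Built inbound UDP connection 1002 "
    "for outside:198.51.100.77/40000 (198.51.100.77/40000) "
    "to dmz:192.168.2.53/53 (203.0.113.6/53)",
    "Oct 11 2012 06:10:07 asa-gw : %ASA-6-302014: Teardown TCP connection 1001 "
    "for outside:198.51.100.20/443 to inside:192.168.1.10/51234 "
    "duration 0:00:05 bytes 4312 TCP FINs",
    "Oct 11 2012 06:10:09 asa-gw : %ASA-6-305011: Built dynamic TCP translation "
    "from inside:192.168.1.10/51234 to outside:203.0.113.5/51234",
]

if __name__ == "__main__":
    # Pass a log file path as the first argument, or run without one for the sample.
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for flow in flows(source):
        print("%s %s:%d -> %s:%d" % flow)
```

Teardown (302014/302016) and translation messages are dropped here; they carry duration and byte counts if those are wanted for the analysis.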