05-06-2009 12:25 AM
We need a solution to track NAT Translation for ASA Firewalls on CS-MARS.
Currently we are forwarding the following information to MARS.
logging list xlate-log level warnings class ip
logging list xlate-log message 202001
logging list xlate-log message 305009-305011
logging trap xlate-log
In MARS there is a predefined report called: (All) NAT Connections (Total View). Though, when I run it, it doesn't show anything. Perhaps it was written with Router NAT Translation logging, or perhaps I should be logging something else?
Any Ideas?
05-13-2009 08:11 AM
NetFlow security event logging (NSEL)— Available on ASA5580 running Version 8.1.x, provides the same type of information as syslog but more efficiently, saving CPU cycles on both the Cisco ASA appliance and CS-MARS. Both connection information and NAT translation data are combined in the same NSEL records, reducing the overall number of records exported compared to syslog.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap10.html#wp1053059
05-18-2009 08:33 AM
This is probably a stupid question, but are you clicking "resubmit" to run it, not just "view report"? The latter only shows data if the report has been run before, and by default that report isn't scheduled.
Have you tried running a query using the "NAT Connection Report" result format? We don't use ASA, so can't speak to specific messages required. If you're not seeing anything in the above query, you should try turning on all logging (debug) and if the query then returns data, you know you're missing logs.
05-20-2009 02:08 AM
As others have suggested, enable level 7 debugging to syslog and then check if the reports can be generated. Then proceed from there.
Regards
Farrukh
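Added example, not part of the thread: one way to do the "are the logs actually arriving" check suggested above is to tally message IDs in a capture of the syslog stream taken at the collector and list which IDs from the posted logging list never showed up. The sample lines are constructed, and the regex for the translation text is an assumption about the 305009-305011 message layout.

```python
import re
from collections import Counter

# Message IDs named in the logging list from the first post.
WANTED = {"202001", "305009", "305010", "305011"}

# %ASA-<severity>-<message id>: <text>
HEADER = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)")
# Assumed layout of the Built/Teardown translation messages.
XLATE = re.compile(
    r"(?P<action>Built|Teardown) (?P<kind>dynamic|static) "
    r"(?:(?P<proto>TCP|UDP|ICMP) )?translation from "
    r"(?P<real_if>[^:\s]+):(?P<real>\S+) to (?P<map_if>[^:\s]+):(?P<mapped>\S+)"
)

def parse_line(line):
    """Return {'id', 'severity', 'xlate'} for an ASA syslog line, else None."""
    m = HEADER.search(line)
    if not m:
        return None
    x = XLATE.match(m["text"])
    return {"id": m["id"], "severity": int(m["sev"]),
            "xlate": x.groupdict() if x else None}

def audit(lines):
    """Tally message IDs, collect NAT translations, list wanted IDs not seen."""
    seen, xlates = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not an ASA message
        seen[rec["id"]] += 1
        if rec["xlate"]:
            xlates.append(rec["xlate"])
    # "Missing" only means absent from this capture, e.g. 202001 is an
    # error event and will not appear during normal operation.
    return seen, xlates, sorted(WANTED - set(seen))

# Constructed sample capture (addresses from documentation ranges).
SAMPLE = [
    "May 06 2009 00:25:01 fw1 : %ASA-6-305011: Built dynamic TCP translation "
    "from inside:10.1.1.5/40112 to outside:192.0.2.10/1024",
    "May 06 2009 00:25:02 fw1 : %ASA-6-305009: Built static translation "
    "from inside:10.1.1.20 to outside:192.0.2.20",
    "May 06 2009 00:25:09 fw1 : %ASA-6-302013: Built outbound TCP connection 1 "
    "for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.5/40112",
    "not an ASA line",
]

if __name__ == "__main__":
    seen, xlates, missing = audit(SAMPLE)
    print(dict(seen), missing)
```

If the translation IDs are absent from a capture taken during normal traffic, the gap is on the firewall or transport side rather than in the report definition.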