How to enable logging of packets that match an Access-list statement to a syslog server

Hello.

I have an ASA 5516 firewall where I have configured some access rules to filter traffic. I want to log packets that match an access-list statement with the log keyword. The logs need to be sent to a syslog server, but I only need to send logs for the access-list and not all logging. I notice there is a class option on the logging command that filters the logs, but I am not sure which option to use for logging access-list hits. Below is what I get from the ASA:

NBS-BT-DC-ASA5516-PRODUCTION(config)# logging trap notifications class ?

configure mode commands/options:
auth  User Authentication
bridge Transparent Firewall
ca PKI Certificate Authority
citrix Citrix Client
config Command Interface
csd Secure Desktop
cts Cisco TrustSec
dap Dynamic Access Policy
eigrp EIGRP Routing
ha Failover
ids Intrusion Detection System
ip IP Stack
ipaa IP Address Assignment
np Network Processor
ospf OSPF Routing
rip RIP Routing
rm Resource Manager
rule-engine Rule Engine
session User Session
snmp SNMP
ssl SSL stack
svc SSL VPN Client
sys System
tag-switching Service Tag Switching
vm VLAN Mapping
vpdn PPTP and L2TP session
vpn IKE and IPSec
vpnc VPN client
vpnfo VPN Failover
vpnlb VPN Load Balancing
webfo WebVPN Failover
webvpn WebVPN client
NBS-BT-DC-ASA5516-PRODUCTION(config)#
NBS-BT-DC-ASA5516-PRODUCTION(config)# sh access-list | i any any

access-list OUT line 28 extended permit ip any any log

Which option do I use?

Regards.

1 ACCEPTED SOLUTION

balaji.bandi
VIP Master

How about enabling log messages:

logging enable
logging timestamp
logging list syslogmsg message 106100
logging trap syslogmsg
logging host x.x.x.x

Reference document:

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html

BB

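Once the event list above is in place, what reaches the syslog host for each ACL hit is message 106100. As an added example that is not part of the original thread, here is a Python parser for those lines that also sums hit-cnt per flow; the syslog lines, the hostname asa01 and the addresses in them are constructed.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Message 106100 is what an ACE carrying the "log" keyword emits, and it is
# the message ID that the event list in the answer above selects. By default
# it is logged at severity 6 (informational), so a plain "logging trap
# notifications" (severity 5) would never forward it; selecting it by ID does.
ACL_HIT = re.compile(
    r"%ASA-(?P<sev>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/ ]+)/(?P<src>[^( ]+)\((?P<sport>\d+)\)(?:\([^)]*\))? -> "
    r"(?P<dst_if>[^/ ]+)/(?P<dst>[^( ]+)\((?P<dport>\d+)\)(?:\([^)]*\))? "
    r"hit-cnt (?P<hits>\d+) (?P<window>first hit|\d+-second interval)"
)

def parse_acl_hit(line: str) -> Optional[dict]:
    """Return the fields of a 106100 line, or None for any other syslog line."""
    m = ACL_HIT.search(line)
    if m is None:
        return None
    hit = m.groupdict()
    for key in ("sev", "sport", "dport", "hits"):
        hit[key] = int(hit[key])
    return hit

def hits_by_flow(lines: List[str]) -> Dict[Tuple[str, str, str, str, int], int]:
    """Sum hit-cnt per (acl, action, proto, dst, dport). The ASA folds repeats
    of one flow into 'N-second interval' messages, so summing hit-cnt rather
    than counting lines gives the real number of matching packets."""
    totals: Counter = Counter()
    for line in lines:
        hit = parse_acl_hit(line)
        if hit is not None:
            key = (hit["acl"], hit["action"], hit["proto"], hit["dst"], hit["dport"])
            totals[key] += hit["hits"]
    return dict(totals)

# Constructed sample lines (not real traffic), as a syslog server would store them.
SAMPLE = [
    "Jan 12 2024 10:15:02 asa01 : %ASA-6-106100: access-list OUT permitted tcp "
    "inside/10.1.1.5(49152) -> outside/203.0.113.10(443) hit-cnt 1 first hit [0x8a4b2c1d, 0x0]",
    "Jan 12 2024 10:20:02 asa01 : %ASA-6-106100: access-list OUT permitted tcp "
    "inside/10.1.1.5(49153) -> outside/203.0.113.10(443) hit-cnt 4 300-second interval [0x8a4b2c1d, 0x0]",
    "Jan 12 2024 10:20:05 asa01 : %ASA-6-106100: access-list OUT denied udp "
    "inside/10.1.1.9(5353) -> outside/198.51.100.7(53) hit-cnt 1 first hit [0x1f2e3d4c, 0x0]",
    "Jan 12 2024 10:20:06 asa01 : %ASA-6-302013: Built outbound TCP connection 12345 "
    "for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.1.1.5/49154 (10.1.1.5/49154)",
]
```

Running `hits_by_flow(SAMPLE)` yields 5 permitted packets to 203.0.113.10:443 and 1 denied packet to 198.51.100.7:53; the 302013 connection-build line is ignored because it is not an ACL-hit message.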


Hello Balaji.

This is very helpful, exactly what I was looking for. Thanks for the quick response.

Regards.