How to enable logging of packets that match an Access-list statement to a syslog server
I have an ASA 5516 firewall where I have configured some access rules to filter traffic. I want to log packets that match an access-list statement with the log keyword. The logs need to be sent to a syslog server, but I only need to send logs for the access-list and not all logging. I notice there is a class option on the logging command that filters the logs, but I am not sure which option to use for logging access-list hits. Below is what I get from the ASA:
NBS-BT-DC-ASA5516-PRODUCTION(config)# logging trap notifications class ?
configure mode commands/options:
  auth           User Authentication
  bridge         Transparent Firewall
  ca             PKI Certificate Authority
  citrix         Citrix Client
  config         Command Interface
  csd            Secure Desktop
  cts            Cisco TrustSec
  dap            Dynamic Access Policy
  eigrp          EIGRP Routing
  ha             Failover
  ids            Intrusion Detection System
  ip             IP Stack
  ipaa           IP Address Assignment
  np             Network Processor
  ospf           OSPF Routing
  rip            RIP Routing
  rm             Resource Manager
  rule-engine    Rule Engine
  session        User Session
  snmp           SNMP
  ssl            SSL stack
  svc            SSL VPN Client
  sys            System
  tag-switching  Service Tag Switching
  vm             VLAN Mapping
  vpdn           PPTP and L2TP session
  vpn            IKE and IPSec
  vpnc           VPN client
  vpnfo          VPN Failover
  vpnlb          VPN Load Balancing
  webfo          WebVPN Failover
  webvpn         WebVPN client
NBS-BT-DC-ASA5516-PRODUCTION(config)#
NBS-BT-DC-ASA5516-PRODUCTION(config)# sh access-list | i any any
access-list OUT line 28 extended permit ip any any log
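
One way to send only access-list hits to a syslog server, as an added example that is not part of the original post: an ACE with the log keyword generates syslog message 106100, so a message list that selects that ID can be used as the trap filter instead of a class. The list name ACL-HITS, the interface name inside and the server address 192.0.2.10 are assumptions made for illustration.

```cisco
! Added example. ACL-HITS, inside and 192.0.2.10 are placeholders.
!
! Turn on syslog generation globally.
logging enable
!
! Message list that matches only 106100, the message an ACE
! with the "log" keyword produces. The filter is by message ID,
! so it does not depend on a class keyword.
logging list ACL-HITS message 106100
!
! Use the list, not a severity level, as the filter for what is
! sent to syslog servers.
logging trap ACL-HITS
!
! Syslog server reachable through the named interface.
logging host inside 192.0.2.10
!
! Optional: include a timestamp in each message.
logging timestamp
!
! Check the result: "show logging" should report trap logging
! with list ACL-HITS and the configured host.
show logging
```

With only `log` on the ACE, 106100 is issued at the informational level (6) by default, which a trap filter of `notifications` (level 5) on its own would not forward.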