Solved: Re: How to view specific hits on the log keyword on an ACL

macgyver0099_1 · ‎12-20-2017

Hi,

I just enabled the log keyword on an access list in my Cisco ASAX 5525 as such below...,

access-list Outside_access_in extended permit ip any any log

Can someone tell me if there is a way to see specific hit to this access list statement or at least to the access list without getting information from other access lists mixed in?

Julio E. Moisa · ‎12-21-2017

Hi

Additional you can use:

show access-list Outside_access_in run | include permit ip any any

*After the include you can type something related to the finding.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Karsten Iwen · ‎12-21-2017

when you do a "show access-list" you see a litte hex-value:

access-list ACL permit tcp any4 object SRV eq https log informational interval 300 (hitcnt=1383) 0x13b0b421

You can filter your syslog by this hex-value:

root@log:/var/log/cisco/asa# grep 0x13b0b421 asa.log
Dec 21 20:03:09 10.56.126.10 %ASA-6-106100: access-list ACL permitted tcp outside/192.0.2.1(51691) -> inside/10.10.10.10(443) hit-cnt 1 first hit [0x13b0b421, 0x00000000]

Julio E. Moisa · ‎12-21-2017

Hi

Additional you can use:

show access-list Outside_access_in run | include permit ip any any

*After the include you can type something related to the finding.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<