12-20-2017 12:46 PM - edited 03-08-2019 01:10 PM
Hi,
I just enabled the log keyword on an access list in my Cisco ASAX 5525, as shown below:
access-list Outside_access_in extended permit ip any any log
Can someone tell me if there is a way to see specific hits to this access list statement, or at least to the access list, without getting information from other access lists mixed in?
12-21-2017 06:40 AM
Hi
Additionally, you can use:
show access-list Outside_access_in run | include permit ip any any
*After the include you can type something related to the finding.
Hope it is useful
:-)
12-21-2017 01:09 AM
When you do a "show access-list" you see a little hex value:
access-list ACL permit tcp any4 object SRV eq https log informational interval 300 (hitcnt=1383) 0x13b0b421
You can filter your syslog by this hex-value:
root@log:/var/log/cisco/asa# grep 0x13b0b421 asa.log
Dec 21 20:03:09 10.56.126.10 %ASA-6-106100: access-list ACL permitted tcp outside/192.0.2.1(51691) -> inside/10.10.10.10(443) hit-cnt 1 first hit [0x13b0b421, 0x00000000]
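An added example, not part of the original posts: a small Python parser for the %ASA-6-106100 lines quoted above that selects entries by exact ACL name and by the hex value from "show access-list", then totals the reported hit-cnt per flow. All sample lines except the first are constructed, and accepting the hash in either position of the bracketed pair is an assumption.

```python
import re
from collections import Counter

# Shape of the %ASA-6-106100 line quoted in the thread.
MSG_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>\S+) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\)\S* -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\)\S* "
    r"hit-cnt (?P<hits>\d+) (?P<interval>first hit|\d+-second interval) "
    r"\[(?P<h1>0x[0-9a-fA-F]+), (?P<h2>0x[0-9a-fA-F]+)\]"
)

# First line is from the thread; the others are constructed for this example.
SAMPLE = """\
Dec 21 20:03:09 10.56.126.10 %ASA-6-106100: access-list ACL permitted tcp outside/192.0.2.1(51691) -> inside/10.10.10.10(443) hit-cnt 1 first hit [0x13b0b421, 0x00000000]
Dec 21 20:08:09 10.56.126.10 %ASA-6-106100: access-list ACL permitted tcp outside/192.0.2.1(51691) -> inside/10.10.10.10(443) hit-cnt 4 300-second interval [0x13b0b421, 0x00000000]
Dec 21 20:08:11 10.56.126.10 %ASA-6-106100: access-list ACL denied udp outside/198.51.100.7(5353) -> inside/10.10.10.10(53) hit-cnt 1 first hit [0xaaaa0001, 0x00000000]
Dec 21 20:08:12 10.56.126.10 %ASA-6-106100: access-list ACL_v6 permitted tcp outside/192.0.2.9(40000) -> inside/10.10.10.11(443) hit-cnt 2 first hit [0xbbbb0002, 0x00000000]
Dec 21 20:08:13 10.56.126.10 %ASA-6-302013: Built inbound TCP connection 1 for outside:192.0.2.1/51691 (192.0.2.1/51691) to inside:10.10.10.10/443 (10.10.10.10/443)
""".splitlines()

def parse(line):
    """Return the fields of a 106100 message as a dict, or None for other lines."""
    m = MSG_106100.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["hits"] = int(rec["hits"])
    return rec

def hits_for(lines, acl=None, ace_hash=None):
    """Yield records for one ACL (exact name, so ACL does not match ACL_v6)
    and, optionally, one ACE identified by its hex value."""
    want = ace_hash.lower() if ace_hash else None
    for line in lines:
        rec = parse(line)
        if rec is None or (acl and rec["acl"] != acl):
            continue
        if want and want not in (rec["h1"].lower(), rec["h2"].lower()):
            continue
        yield rec

def summarize(records):
    """Sum the reported hit-cnt values per (source, destination, dest port)."""
    totals = Counter()
    for r in records:
        totals[(r["src"], r["dst"], r["dport"])] += r["hits"]
    return totals

if __name__ == "__main__":
    for flow, n in summarize(hits_for(SAMPLE, "ACL", "0x13b0b421")).items():
        print(flow, n)
```

Unlike a plain grep on the ACL name, the exact-name comparison keeps entries from similarly named access lists out of the result.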