
How to view specific hits on the log keyword on an ACL

macgyver0099_1
Level 1

Hi,

 

I just enabled the log keyword on an access list in my Cisco ASAX 5525, as shown below:

 

access-list Outside_access_in extended permit ip any any log

 

Can someone tell me if there is a way to see specific hits to this access list statement, or at least to the access list, without getting information from other access lists mixed in?

Accepted Solutions

Julio E. Moisa
VIP Alumni

Hi

Additionally, you can use:

show access-list Outside_access_in run | include permit ip any any

*After the include you can type something related to the finding. 

 

Hope it is useful

:-)

 

 




>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other community members. <<


2 Replies

When you do a "show access-list", you see a little hex value:

 

access-list ACL permit tcp any4 object SRV eq https log informational interval 300 (hitcnt=1383) 0x13b0b421

You can filter your syslog by this hex-value:

 

root@log:/var/log/cisco/asa# grep 0x13b0b421 asa.log
Dec 21 20:03:09 10.56.126.10 %ASA-6-106100: access-list ACL permitted tcp outside/192.0.2.1(51691) -> inside/10.10.10.10(443) hit-cnt 1 first hit [0x13b0b421, 0x00000000]
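
The grep above, extended into a small parser (an added example, not part of the original reply): it keeps only 106100 lines that carry the given ACE hash and sums their hit-cnt field per flow, because a single interval line can stand for several hits. The function names and every log line after the first are constructed, and the "N-second interval" form is assumed from the `interval 300` setting on the ACE shown above.

```python
import re
from collections import Counter

# Field layout taken from the 106100 line quoted in the reply above.
PATTERN = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\).*? -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\).*? "
    r"hit-cnt (?P<hits>\d+) (?P<window>first hit|\d+-second interval) "
    r"\[(?P<hashes>[^\]]+)\]"
)

# Line 0 is the one from the thread; lines 1-4 are constructed sample data.
SAMPLE_LOG = [
    "Dec 21 20:03:09 10.56.126.10 %ASA-6-106100: access-list ACL permitted tcp outside/192.0.2.1(51691) -> inside/10.10.10.10(443) hit-cnt 1 first hit [0x13b0b421, 0x00000000]",
    "Dec 21 20:08:09 10.56.126.10 %ASA-6-106100: access-list ACL permitted tcp outside/192.0.2.1(51691) -> inside/10.10.10.10(443) hit-cnt 7 300-second interval [0x13b0b421, 0x00000000]",
    "Dec 21 20:04:41 10.56.126.10 %ASA-6-106100: access-list ACL denied udp outside/198.51.100.7(40000) -> inside/10.10.10.20(53) hit-cnt 1 first hit [0x5a1c22f0, 0x00000000]",
    "Dec 21 20:05:02 10.56.126.10 %ASA-6-302013: Built inbound TCP connection 4711 for outside:192.0.2.1/51691 (192.0.2.1/51691) to inside:10.10.10.10/443 (10.10.10.10/443)",
    "Dec 21 20:06:30 10.56.126.10 %ASA-6-106100: access-list ACL permitted tcp outside/203.0.113.9(40222) -> inside/10.10.10.10(443) hit-cnt 1 first hit [0x13b0b421, 0x00000000]",
]


def parse_106100(line):
    """Return the fields of one 106100 message, or None for any other line."""
    m = PATTERN.search(line)
    if not m:
        return None
    event = m.groupdict()
    event["hits"] = int(event["hits"])
    event["hashes"] = [h.strip().lower() for h in event["hashes"].split(",")]
    return event


def hits_for_ace(lines, ace_hash):
    """Sum hit-cnt per (source, destination, dest port) for one ACE hash."""
    wanted = ace_hash.lower()
    totals = Counter()
    for line in lines:
        event = parse_106100(line)
        if event and wanted in event["hashes"]:
            totals[(event["src"], event["dst"], event["dport"])] += event["hits"]
    return totals


if __name__ == "__main__":
    for flow, hits in hits_for_ace(SAMPLE_LOG, "0x13b0b421").most_common():
        print(flow, hits)
```

Counting matching lines would report 3 events for this hash, while the summed hit-cnt shows 9 hits across two sources.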

 
