Why does Real-Time monitor not show all denied traffic?

CiscoPurpleBelt
Level 6

So many times when I know for sure something is blocked via ACL on the ASA, I don't see denied logs when that same applicable traffic is attempting to pass through the ASA, and I am wondering why. Logging is configured for this; see below. Any help, guys/gals?


sh logg
Syslog logging: enabled
Facility: 17
Timestamp logging: enabled
Hide Username logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: level debugging, 1203550847 messages logged
Buffer logging: level informational, 1158404665 messages logged


5 Replies

balaji.bandi
Hall of Fame

Can you post:

show running-config logging

BB


Does your ACL statement have "log" at the end of your syntax? In other words, is logging enabled on your deny rule?

Yes, it has log at the end of the statement. I thought the Real-time viewer would show all traffic passing through any of your interfaces on the FW?

CiscoPurpleBelt
Level 6

Here you go.


ASA# sh running-config logging
logging enable
logging timestamp
logging buffer-size 16384
logging asdm-buffer-size 300
logging monitor debugging
logging buffered informational
logging trap notifications
logging asdm debugging
logging facility 17
logging queue 2048
logging device-id hostname
logging host management X.X.X.X
logging host management X.X.X.X
logging host management X.X.X.X
logging host management X.X.X.X
logging host management X.X.X.X
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
logging rate-limit 1000 2 level 1
logging rate-limit 1000 2 level 2
logging rate-limit 500 2 level 4
logging rate-limit 500 2 level 5
logging rate-limit 1000 2 level 6
logging rate-limit 500 2 level 7

You may not see logs if the permit rule is before the deny rule with logging.  Alternatively, you may use ASA features such as packet tracer and packet capture.  Be careful when using packet capture considering it can be CPU intensive.
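Besides ACE ordering, the `no logging message` lines in the posted config are worth checking: 106023 is the syslog an ASA emits when an ACL denies a packet, and 106100 is the one produced by an ACE carrying the `log` keyword. The script below is an added example, not from this thread or from Cisco; it parses a constructed excerpt of the `show running-config logging` output, reports whether each deny message can still reach the ASDM real-time viewer, and prints the CLI lines that would re-enable any that are suppressed. The ID-to-severity mapping is the editor's assumption, taken from the ASA syslog reference.

```python
import re

# Constructed excerpt of the `show running-config logging` output posted above.
SAMPLE_CONFIG = """\
logging enable
logging buffered informational
logging asdm-buffer-size 300
logging asdm debugging
no logging message 106015
no logging message 106023
no logging message 106100
no logging message 302013
"""

# ASA severity names in `logging <dest> <level>` order.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# ACL-deny syslog IDs with their default severity (assumption: editor's mapping
# from the ASA syslog reference, not something stated in the thread).
DENY_MESSAGES = {
    106023: (4, "packet denied by an ACL without the 'log' keyword"),
    106100: (6, "ACE with the 'log' keyword matched (permit or deny)"),
}

def suppressed_ids(config_text):
    """Syslog IDs disabled with 'no logging message <id>'."""
    return {int(i) for i in re.findall(r"^no logging message (\d+)\s*$", config_text, re.M)}

def asdm_level(config_text):
    """Severity set by 'logging asdm <level>' (None if ASDM logging is absent)."""
    m = re.search(r"^logging asdm (\w+)\s*$", config_text, re.M)
    return LEVELS.get(m.group(1)) if m else None

def deny_visibility(config_text):
    """Map each deny message ID to True if it can reach the ASDM real-time viewer."""
    off = suppressed_ids(config_text)
    lvl = asdm_level(config_text)
    return {i: (i not in off and lvl is not None and sev <= lvl)
            for i, (sev, _) in DENY_MESSAGES.items()}

def remediation(config_text):
    """CLI lines that re-enable each suppressed ACL-deny message."""
    return [f"logging message {i}" for i in sorted(set(DENY_MESSAGES) & suppressed_ids(config_text))]

if __name__ == "__main__":
    for i, visible in deny_visibility(SAMPLE_CONFIG).items():
        print(f"{i} ({DENY_MESSAGES[i][1]}): {'visible' if visible else 'NOT visible'}")
    print("\n".join(remediation(SAMPLE_CONFIG)))
```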
