Hi everyone,
I need to look through the firewall logs to see if the application server (which is sitting behind the firewall) was able to pass the firewall to reach the mail server (which is not sitting behind the firewall) and was able to send out email to an outside user (this is beyond my control and area of work).
I am not sure which option on the ASA 5515-X to turn on to capture the logs (if needed). Currently I have it send logs at severity = Emergencies to the syslog server.
I am using Kiwi Syslog to look through the firewall logs.
So far I have tried to build a filter to capture the date that the incident happened with the IP of the app server. All I saw in the results are Warning logs with event ID 106023. I believe I have to change the log severity to a different level to capture the logs for the activity between the app server and the DNS server to resolve the mail server name (e.g. mail.server.com).
Any suggestions on this would be greatly appreciated. Since changing the severity level for logging can create a lot of logs, I need to be careful about which level I should try.