
Troubleshooting from the ASA firewall logs

Ve Con
Level 1

Hi everyone,

I have a need to look at the firewall logs to see if the application server (which is sitting behind the firewall) was able to pass the firewall to reach the mail server (which is not sitting behind the firewall) and was able to send out email to an outside user (this is beyond my control and area of work).

I am not sure which option on the ASA 5515-X to turn on to capture the logs (if needed). Currently I have it send logs at severity = Emergencies to the syslog server.

I am using Kiwi Syslog to look through the firewall logs.

So far I have tried to build a filter to capture the date that the incident happened with the IP of the app server. All I saw in the results are Warning logs, event ID 106023. I believe I have to change the log severity to a different level to capture the logs for the activity between the app server and the DNS server to resolve the mail server name (e.g. mail.server.com).

Any suggestion on this would be greatly appreciated. Since changing the severity level for logging can create a lot of logs, I need to be careful about which level I should try.

1 Reply

Collin Clark
VIP Alumni

Attached is a diagram for logging levels. What I would do, however, is set up a packet capture to look for this specific traffic.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

HTH
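An added example, not part of the original thread: a small Python filter over exported ASA syslog lines that lists the flows one inside host initiated and which of them a given logging level would have recorded. Connection-built messages 302013 (TCP) and 302015 (UDP) are severity 6, while the 106023 ACL deny is severity 4; the log lines, host names and addresses below are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in ASA syslog format (private and documentation addresses).
SAMPLE = """\
Mar 03 10:15:01 fw1 %ASA-6-302015: Built outbound UDP connection 9001 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:10.0.0.10/50111 (203.0.113.10/50111)
Mar 03 10:15:02 fw1 %ASA-6-302013: Built outbound TCP connection 9002 for outside:198.51.100.25/25 (198.51.100.25/25) to inside:10.0.0.10/50112 (203.0.113.10/50112)
Mar 03 10:15:09 fw1 %ASA-4-106023: Deny tcp src inside:10.0.0.10/50113 dst outside:198.51.100.99/25 by access-group "inside_in" [0x0, 0x0]
Mar 03 10:15:10 fw1 %ASA-6-302013: Built outbound TCP connection 9003 for outside:198.51.100.25/25 (198.51.100.25/25) to inside:10.0.0.77/50200 (203.0.113.77/50200)
"""

HEADER = re.compile(r"%ASA-(\d)-(\d{6}): (.*)")
# Outbound build: "for <remote if>:<dst>/<port> (...) to <local if>:<src>/<port>"
BUILT = re.compile(r"Built outbound (TCP|UDP) connection \d+ for [^:\s]+:([\d.]+)/(\d+) "
                   r"\([^)]*\) to [^:\s]+:([\d.]+)/\d+")
DENY = re.compile(r"Deny (tcp|udp) src [^:\s]+:([\d.]+)/\d+ dst [^:\s]+:([\d.]+)/(\d+)")


def flows_from(host, text):
    """Return (severity, msg_id, action, proto, dst_ip, dst_port) for flows started by host."""
    flows = []
    for line in text.splitlines():
        header = HEADER.search(line)
        if not header:
            continue
        severity, msg_id, body = int(header.group(1)), header.group(2), header.group(3)
        if (m := BUILT.match(body)) and m.group(4) == host:
            flows.append((severity, msg_id, "built", m.group(1).lower(),
                          m.group(2), int(m.group(3))))
        elif (m := DENY.match(body)) and m.group(2) == host:
            flows.append((severity, msg_id, "deny", m.group(1),
                          m.group(3), int(m.group(4))))
    return flows


def visible_at(level, flows):
    """A syslog trap level N forwards messages whose severity number is <= N."""
    return [f for f in flows if f[0] <= level]


if __name__ == "__main__":
    for level, name in ((4, "warnings"), (6, "informational")):
        print(name, visible_at(level, flows_from("10.0.0.10", SAMPLE)))
```

With this sample, the warnings level shows only the 106023 deny, and the DNS and SMTP connection builds for the app server appear only once the level reaches informational.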