04-17-2019 08:56 AM - edited 02-21-2020 09:37 PM
So many times when I know for sure something is blocked via ACL on the ASA, I don't see denied logs when that same applicable traffic is attempting to pass through the ASA and am wondering why. Logging is configured for this; see below. Any help guys/gals?
sh logg
Syslog logging: enabled
Facility: 17
Timestamp logging: enabled
Hide Username logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: level debugging, 1203550847 messages logged
Buffer logging: level informational, 1158404665 messages logged
04-17-2019 04:33 PM
can you post
show running-config logging
04-17-2019 05:18 PM
Does your ACL statement have "log" at the end of your syntax? In other words, is logging enabled on your deny rule?
04-18-2019 06:27 AM - edited 04-18-2019 07:17 AM
Yes, it has log at the end of the statement. I thought the Real-time viewer would show all traffic passing through any of your interfaces on the FW?
04-18-2019 07:16 AM
Here you go.
ASA# sh running-config logging
logging enable
logging timestamp
logging buffer-size 16384
logging asdm-buffer-size 300
logging monitor debugging
logging buffered informational
logging trap notifications
logging asdm debugging
logging facility 17
logging queue 2048
logging device-id hostname
logging host management X.X.X.X
logging host management X.X.X.X
logging host management X.X.X.X
logging host management X.X.X.X
logging host management X.X.X.X
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
logging rate-limit 1000 2 level 1
logging rate-limit 1000 2 level 2
logging rate-limit 500 2 level 4
logging rate-limit 500 2 level 5
logging rate-limit 1000 2 level 6
logging rate-limit 500 2 level 7
04-18-2019 10:40 AM
You may not see logs if the permit rule is before the deny rule with logging. Alternatively, you may use ASA features such as packet tracer and packet capture. Be careful when using packet capture considering it can be CPU intensive.
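A check for the situation in the config posted above, as an added example that is not from the thread or from Cisco: it parses `show running-config logging` output and reports the ACL deny syslog IDs (106023 for access-group denies, 106100 for ACEs carrying the `log` keyword, both with their ASA default severities) that are either disabled outright by `no logging message` or sit above a destination's configured level, so that `logging trap notifications` (level 5) would never send the level-6 106100 message to the syslog hosts. The config excerpt embedded below is taken from the thread; the second variant with the two `no logging message` lines removed is constructed to exercise the per-destination check.

```python
import re

# ASA syslog IDs emitted for ACL denies, with their default severity:
# 106023 = packet denied by access-group (severity 4, warnings)
# 106100 = ACE hit logged because the ACE carries 'log' (severity 6, informational)
ACL_DENY_MESSAGES = {"106023": 4, "106100": 6}
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

def parse_logging_config(text):
    """Return (set of disabled message IDs, {destination: numeric level})."""
    disabled, levels = set(), {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"no logging message (\d+)$", line)
        if m:
            disabled.add(m.group(1))
            continue
        m = re.match(r"logging (buffered|trap|monitor|asdm|console) (\S+)$", line)
        if m:
            dest, lvl = m.groups()
            # The level may be given by name or as a digit 0-7.
            levels[dest] = SEVERITY.get(lvl, int(lvl) if lvl.isdigit() else None)
    return disabled, levels

def find_suppressed_deny_logs(text):
    """List (message_id, destination, reason) for deny logs that cannot appear."""
    disabled, levels = parse_logging_config(text)
    findings = []
    for msg_id, sev in ACL_DENY_MESSAGES.items():
        if msg_id in disabled:
            findings.append((msg_id, None, "disabled by 'no logging message'"))
            continue  # disabled globally, so no destination can receive it
        for dest, lvl in levels.items():
            if lvl is not None and lvl < sev:
                findings.append((msg_id, dest, f"{dest} level {lvl} below severity {sev}"))
    return findings

# Config excerpt from the thread, and the same excerpt without the two 'no logging message' lines.
POSTED_CONFIG = """logging monitor debugging
logging buffered informational
logging trap notifications
logging asdm debugging
no logging message 106023
no logging message 106100
"""
ENABLED_CONFIG = "\n".join(l for l in POSTED_CONFIG.splitlines()
                           if not l.startswith("no logging message"))
print(find_suppressed_deny_logs(POSTED_CONFIG))   # both IDs reported as disabled
print(find_suppressed_deny_logs(ENABLED_CONFIG))  # 106100 still missing from syslog hosts (trap)
```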