Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

I need help for ASA-Logging Configuration

Status
Not open for further replies.
xyCruiseryx

xyCruiseryx

Technical User
Oct 18, 2004
94
DE
Hi All,

i dont understand the ASA-Logging Feature. I disable the logging feasture on any firewall rule but the logging runs futher with all kinds of messages.

I want to log only the deny rules on my policy and not more of these.

Is it possible? i think i need an explanation of this logging feature kid.

regards,
 
Sort by date Sort by votes
are you logging through ADSM or CLI? post your scrubbed configs. There are certain level messages you can log.
 
Upvote 0 Downvote
I try to configure the logging about the ASDM. I using a logserver to record the logs in the network.

Example for rules:


access-list KV-XXX_access_in extended permit udp object-group LXXX_WAN-ADD any eq ntp log disable


access-list KV-XXX_access_in extended deny ip any any log critical



logging enable
logging timestamp
logging standby
logging buffer-size 100000
logging console warnings
logging monitor warnings
logging buffered alerts
logging trap informational
logging history informational
logging asdm warnings
logging from-address ASA-FW@dvz-mv.de
logging facility 22
logging host DA-Vlan 10.x.x.x
logging host DA-Vlan 10.x.x.x

I only want to log drop connections. i set all deny rules to "log critical" to log these kind of messages only. But it doesnt works for me fine cause i see more logs with more serveritys on logging server.

Whats going wrong? I think i didnt understand the asa logging feature.


regards,
 
Upvote 0 Downvote
change this logging trap informational to logging trap critical
 
Upvote 0 Downvote
Hi thanks a lot for your comment. Can you describe the change please. What action will effect after the reconfigure from informational to critical. Is there any white paper on cisco site????
 
Upvote 0 Downvote
Logging informational is just the initial setting you should go to a higher level as soon as you have everything working,

You can change the logging levels of specific events to upgrade or downgrade accordingly.

0 emergency
1 alert
2 critical
3 error
4 warning
5 notification
6 informational
7 debugging


logging enable
logging timestamp
logging buffer-size 40960
logging buffered warnings
logging trap warnings

logging message 605005 level alerts
logging message 302015 level warnings


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
255
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
272
Johnkite
Johnkite
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
83
PauS0n
PauS0n
intel233
  • Locked
  • Question
Cisco ASA 5510 -Static NAT Help
Replies
8
Views
296
intel233
intel233
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
223
XLNTech1
XLNTech1

Part and Inventory Search

Sponsor

Back
Top