Send ACL logs to syslog in ASA

This note shows how to log the traffic permitted by an ACL on an ASA to a syslog server.

Step 1> Create the ACL and add the log keyword to the ACL entry

access-list vlan3-5 extended permit ip host 10.5.3.189 host 10.5.5.189 log debugging

Here I have used “log debugging”; you can set the logging level as per your requirement.

Step 2> Configure ASA to send the logs to syslog server:

logging enable
logging timestamp
logging list syslogmsg message 106100
logging list syslogmsg message 302013
logging list syslogmsg message 302014
logging list syslogmsg message 302020
logging list syslogmsg message 302021
logging trap syslogmsg
logging host vlan3 10.3.3.247

Message IDs used above:

302020 Built inbound ICMP connection
302021 Teardown ICMP connection
302013 Built inbound TCP connection
302014 Teardown TCP connection
302015 Built inbound UDP connection
302016 Teardown UDP connection

710003 TCP access denied by ACL
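Once the ASA is sending these messages, the syslog server side needs to parse them. The parser below is an added example (not from this post) that extracts the ACL hit (106100) and TCP/UDP connection build/teardown fields, counts messages by ID and lists the 5-tuples seen in ACL hits; the sample lines are constructed in the shape the ASA emits, the interface names vlan3/vlan5 are assumed, and the 106100 line carries severity 7 because “log debugging” was used on the ACE. ICMP messages (302020/302021) have a different body layout and are counted by ID only.

```python
import re
from collections import Counter

# Cisco ASA syslog header; the timestamp from "logging timestamp" precedes it
HEADER = re.compile(r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$")

# 106100: hit on an ACE that carries the "log" keyword
ACL_HIT = re.compile(
    r"access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>\S+?)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>\S+?)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)")

# 302013/302015 (Built) and 302014/302016 (Teardown) TCP/UDP connections
CONN = re.compile(
    r"(?P<event>Built|Teardown) (?:(?P<dir>inbound|outbound) )?(?P<proto>TCP|UDP) connection "
    r"(?P<conn>\d+) for (?P<src_if>[^:]+):(?P<src>[\d.]+)/(?P<sport>\d+) .*?"
    r"to (?P<dst_if>[^:]+):(?P<dst>[\d.]+)/(?P<dport>\d+)")

MESSAGE_NAMES = {
    "106100": "acl-hit", "302013": "tcp-built", "302014": "tcp-teardown",
    "302015": "udp-built", "302016": "udp-teardown",
    "302020": "icmp-built", "302021": "icmp-teardown", "710003": "tcp-denied-to-asa",
}

def parse_asa_line(line):
    """Return msgid, severity and the fields the body exposes, or None if not an ASA message."""
    m = HEADER.search(line)
    if not m:
        return None
    rec = {"msgid": m["msgid"], "severity": int(m["sev"]),
           "name": MESSAGE_NAMES.get(m["msgid"], "other")}
    detail = (ACL_HIT if rec["msgid"] == "106100" else CONN).match(m["body"])
    if detail:
        rec.update(detail.groupdict())
    return rec

def summarize(lines):
    """Count messages per name and collect the (proto, src, sport, dst, dport) tuples of ACL hits."""
    counts, flows = Counter(), set()
    for rec in filter(None, map(parse_asa_line, lines)):
        counts[rec["name"]] += 1
        if rec["name"] == "acl-hit":
            flows.add((rec["proto"], rec["src"], rec["sport"], rec["dst"], rec["dport"]))
    return counts, flows

# Constructed sample lines in the shape the ASA emits; not captured from a real device
SAMPLE = [
    "Jan 01 2020 12:00:00: %ASA-7-106100: access-list vlan3-5 permitted tcp vlan3/10.5.3.189(41000) -> vlan5/10.5.5.189(443) hit-cnt 1 first hit [0x0, 0x0]",
    "Jan 01 2020 12:00:00: %ASA-6-302013: Built inbound TCP connection 4711 for vlan3:10.5.3.189/41000 (10.5.3.189/41000) to vlan5:10.5.5.189/443 (10.5.5.189/443)",
    "Jan 01 2020 12:00:05: %ASA-6-302014: Teardown TCP connection 4711 for vlan3:10.5.3.189/41000 to vlan5:10.5.5.189/443 duration 0:00:05 bytes 2048 TCP FINs",
    "Jan 01 2020 12:00:06: %ASA-6-302020: Built inbound ICMP connection for faddr 10.5.3.189/1 gaddr 10.5.5.189/0 laddr 10.5.5.189/0",
]
```

Running summarize(SAMPLE) gives one message of each of acl-hit, tcp-built, tcp-teardown and icmp-built, and a single flow tuple for tcp 10.5.3.189:41000 to 10.5.5.189:443.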

This entry was posted in ASA.