Send ACL logs to syslog in ASA

This post shows how to log the traffic permitted by an ACL on a Cisco ASA to a syslog server. It takes two steps.

Step 1> Create the ACL and add the log keyword to the ACL entry:

access-list vlan3-5 extended permit ip host host log debugging

Here I have used “log debugging”; use whichever logging level fits your requirement (the level you choose becomes the severity of the 106100 messages the ACL entry generates, which is why 106100 is in the logging list below).

Step 2> Configure ASA to send the logs to syslog server:

logging enable
logging timestamp
logging list syslogmsg message 106100
logging list syslogmsg message 302013
logging list syslogmsg message 302014
logging list syslogmsg message 302020
logging list syslogmsg message 302021
logging trap syslogmsg
logging host vlan3

Connection message IDs for reference (the UDP pair is not in the list above; add it if you need UDP flows as well):

302020 Build inbound ICMP
302021 Tear down ICMP
302013 Build inbound TCP
302014 Tear down TCP
302015 Build inbound UDP
302016 Tear down UDP

710003 TCP denied by ACL
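To check what actually arrives on the syslog side, here is an added example (not from the original post) that parses the 106100 and 302013/302014 messages forwarded by the list above, tallies ACL hits per source and verdict, and flags TCP connections that were built but never torn down. The log lines are constructed samples in the standard ASA message formats; the addresses, ports and connection IDs are made up.

```python
import re
from collections import Counter

# Constructed sample lines in the standard ASA message formats (addresses, ports and
# connection IDs are made up). With "log debugging" on the ACL, 106100 arrives at severity 7.
SAMPLE_LOGS = """\
%ASA-7-106100: access-list vlan3-5 permitted tcp inside/10.1.3.10(51234) -> outside/10.1.5.20(443) hit-cnt 1 first hit [0x5e6e2a1d, 0x0]
%ASA-6-302013: Built inbound TCP connection 4711 for inside:10.1.3.10/51234 (10.1.3.10/51234) to outside:10.1.5.20/443 (10.1.5.20/443)
%ASA-6-302014: Teardown TCP connection 4711 for inside:10.1.3.10/51234 to outside:10.1.5.20/443 duration 0:00:05 bytes 1234 TCP FINs
%ASA-7-106100: access-list vlan3-5 denied tcp inside/10.1.3.11(40000) -> outside/10.1.5.20(22) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
%ASA-6-302020: Built inbound ICMP connection for faddr 10.1.3.10/0 gaddr 10.1.5.20/0 laddr 10.1.5.20/0
"""

# 106100: the message the ACL "log" keyword produces (ACL name, verdict, 5-tuple, hit count)
RE_106100 = re.compile(
    r"%ASA-(?P<sev>\d)-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<sif>\S+?)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>\S+?)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)
# 302013 / 302014: TCP connection built / torn down (mapped addresses in parentheses are skipped)
RE_TCP = re.compile(
    r"%ASA-\d-(?P<msgid>30201[34]): (?P<event>Built|Teardown) (?:inbound |outbound )?TCP connection "
    r"(?P<conn>\d+) for (?P<sif>\S+?):(?P<src>[\d.]+)/(?P<sport>\d+) .*?to (?P<dif>\S+?):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def parse_line(line):
    """Return a normalised record for 106100/302013/302014, or None for any other message."""
    m = RE_106100.match(line)
    if m:
        return dict(m.groupdict(), msgid="106100", hits=int(m["hits"]))
    m = RE_TCP.match(line)
    if m:
        return dict(m.groupdict(), conn=int(m["conn"]))
    return None

def summarize(text):
    """Tally ACL hits per (acl, verdict, source) and list TCP connections built but not torn down."""
    acl_hits = Counter()
    open_conns = set()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # e.g. 302020/302021 ICMP messages are forwarded but not parsed here
        if rec["msgid"] == "106100":
            acl_hits[(rec["acl"], rec["action"], rec["src"])] += rec["hits"]
        elif rec["msgid"] == "302013":
            open_conns.add(rec["conn"])
        else:  # 302014
            open_conns.discard(rec["conn"])
    return {"acl_hits": dict(acl_hits), "open_tcp_conns": sorted(open_conns)}
```

Run `summarize(SAMPLE_LOGS)` to see the per-source hit counts; a non-empty `open_tcp_conns` on a real feed usually means the 302014 teardown messages are being dropped or filtered before they reach the collector.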

This entry was posted in ASA.