
ASA 5510 - Logging Firewall Hits

Posted on 2010-09-15
Last Modified: 2012-06-22
Hi, on our ASA Cisco 5510, I have a policy for our outside interface to allow FTP, FTP-DATA & SSH to an external IP address. We then NAT this ExternalFTP address to a local internal server.

access-list outside_access_in extended permit tcp any host ExternalFTP object-group DM_INLINE_TCP_1

static (inside,outside) ExternalFTP  access-list inside_nat_static

I am trying to come up with a list of which external IPs are actually connecting to this IP of ours.

I can see we get about 20 hits every month.

Can this be done on the ASA logging or what is recommended?

Thanks
Question by:LiquidCapital
4 Comments
 
LVL 6

Expert Comment

by:kuoh
ID: 33681805
The IP addresses do appear in the ASDM logs, but they scroll out of the buffer fairly quickly. I think you'll need a syslog server if you want to aggregate the logs over a long period of time. Any reason you can't just enable logging on the FTP server instead?
 
LVL 17

Accepted Solution

by:
Jimmy Larsson, CISSP, CEH earned 1000 total points
ID: 33681811
If you want to log nothing but that, the easiest way is to do it like this:

access-l OUTSIDE ext permit tcp any host 1.2.3.4 eq ftp log alerts
logging buffered alerts
logging on

Alerts is one of 8 logging severities (0 - 7) which contains by default almost no events. By telling your acl-line to log hits on that line with severity alerts you will get a log entry each time. By logging severity alerts to buffer you can easily see what has been logged with the "show logg"-command.

Of course you can tweak this to log all alerts to syslog or asdm or whatever suits you best.

/Kvistofta


 
LVL 9

Assisted Solution

by:Donboo
Donboo earned 1000 total points
ID: 33686504
Or you can set up a free syslog server and log to that instead; then you would have the entire log in a file instead of the ASDM.
 

Author Closing Comment

by:LiquidCapital
ID: 33817045
Logged to syslog server and filtered out the ASA code to locate.
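
Added example, not part of the original thread: a Python sketch of the filtering step described in the closing comment, pulling ACL-hit messages (syslog ID 106100, the message an ACL entry with the log keyword emits) out of collected syslog lines and totalling hits per source address. The sample lines, addresses and the function name sources_by_hits are constructed for illustration; the ACL name is the one from the question.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), not output from the
# poster's firewall. Severity 1 matches the "log alerts" ACL option.
SAMPLE_LOG = """\
Sep 16 2010 09:14:02 fw1 : %ASA-1-106100: access-list outside_access_in permitted tcp outside/198.51.100.23(51324) -> inside/192.0.2.10(21) hit-cnt 1 first hit [0x8a3c1b2e, 0x0]
Sep 16 2010 09:14:02 fw1 : %ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.23/51324 (198.51.100.23/51324) to inside:192.0.2.10/21 (192.0.2.10/21)
Sep 16 2010 09:19:02 fw1 : %ASA-1-106100: access-list outside_access_in permitted tcp outside/198.51.100.23(51324) -> inside/192.0.2.10(21) hit-cnt 3 300-second interval [0x8a3c1b2e, 0x0]
Sep 17 2010 22:40:15 fw1 : %ASA-1-106100: access-list outside_access_in permitted tcp outside/203.0.113.77(40022) -> inside/192.0.2.10(22) hit-cnt 1 first hit [0x8a3c1b2e, 0x0]
Sep 18 2010 03:05:51 fw1 : %ASA-1-106100: access-list outside_access_in denied tcp outside/203.0.113.200(4431) -> inside/192.0.2.10(23) hit-cnt 1 first hit [0x5d11aa07, 0x0]
"""

# Message 106100: ACL name, action, protocol, source and destination as
# interface/address(port), then the hit count for this report.
MSG_106100 = re.compile(
    r"%ASA-(?P<sev>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def sources_by_hits(lines, acl, dports=None, action="permitted"):
    """Total hit-cnt per source address for one ACL and action.

    hit-cnt is summed instead of counting lines: after the first hit,
    repeat hits on a flow arrive as one summary line per interval.
    """
    totals = Counter()
    for line in lines:
        m = MSG_106100.search(line)
        if not m or m["acl"] != acl or m["action"] != action:
            continue  # other message IDs, other ACLs, other actions
        if dports and int(m["dport"]) not in dports:
            continue  # destination port outside the set of interest
        totals[m["src"]] += int(m["hits"])
    return totals

if __name__ == "__main__":
    report = sources_by_hits(SAMPLE_LOG.splitlines(), "outside_access_in", {21, 22})
    for src, hits in report.most_common():
        print(f"{src:15} {hits}")
```

Run against the real syslog file by passing its lines in place of SAMPLE_LOG.splitlines(); the prefix before %ASA depends on the syslog server and is ignored by the pattern.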