Solved

ASA 5510 - Logging Firewall Hits

Posted on 2010-09-15
Last Modified: 2012-06-22
Hi, on our ASA cisco 5510, I have a policy for our outside interface to allow FTP, FTP-DATA & SSH to an external IP address. We then NAT this externalFTP address to a local internal server.

access-list outside_access_in extended permit tcp any host ExternalFTP object-group DM_INLINE_TCP_1

static (inside,outside) ExternalFTP  access-list inside_nat_static

I am trying to come up with a list of which external IPs are actually connecting to this IP of ours.

I can see we get about 20 hits every month.

Can this be done on the ASA logging or what is recommended?

Thanks
0
Question by:LiquidCapital
4 Comments
 
LVL 6

Expert Comment

by:kuoh
ID: 33681805
The IP addresses do appear in the ASDM logs, but it scrolls out of the buffer fairly quickly.  I think you'll need a syslog server if you want to aggregate the logs over a long period of time.  Any reason you can't just enable logging on the FTP server instead?
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 1000 total points
ID: 33681811
If you want to log nothing but that, the easiest way is to do it like this:

access-l OUTSIDE ext permit tcp any host 1.2.3.4 eq ftp log alerts
logging buffered alerts
logging on

Alerts is one of 8 logging severities (0 - 7) which contains by default almost no events. By telling your acl-line to log hits on that line with severity alerts you will get a log entry each time. By logging severity alerts to buffer you can easily see what has been logged with the "show logg"-command.

Of course you can tweak this to log all alerts to syslog or asdm or whatever suits you best.

/Kvistofta


0
 
LVL 9

Assisted Solution

by:Donboo
Donboo earned 1000 total points
ID: 33686504
Or you can set up a free syslog server and log to that instead; then you would have the entire log in a file instead of the ASDM.
0
 

Author Closing Comment

by:LiquidCapital
ID: 33817045
Logged to syslog server and filtered out the ASA code to locate.
0
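Added example (not part of the thread or any poster's code): one way to do the filtering the closing comment describes, by pulling ACL-hit messages (syslog ID 106100, which the ASA emits for an ACL entry with the `log` keyword) out of a syslog file and totalling hits per source address. The sample lines, addresses, timestamps and host name are constructed, and the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Syslog 106100 is logged for ACL entries that carry the "log" keyword; with
# "log alerts" it arrives as %ASA-1-106100. Field layout assumed from that message.
ACL_HIT = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) [^/\s]+/(?P<src>[^(\s]+)\((?P<sport>\d+)\)"
    r".*?-> [^/\s]+/(?P<dst>[^(\s]+)\((?P<dport>\d+)\)"
    r".*?hit-cnt (?P<hits>\d+)"
)

def tally_sources(lines, acl, dst, ports):
    """Sum permitted hits per source address for one ACL, destination and port set."""
    hits = Counter()
    for line in lines:
        m = ACL_HIT.search(line)
        if not m or m["action"] != "permitted":
            continue  # other message IDs and denied flows are not what was asked for
        if m["acl"] != acl or m["dst"] != dst or int(m["dport"]) not in ports:
            continue
        # Interval summaries report several hits on one line, so add hit-cnt
        # rather than counting lines.
        hits[m["src"]] += int(m["hits"])
    return hits

# Constructed sample lines (documentation addresses, made-up timestamps and host).
# Assumption: with "names" enabled the log shows ExternalFTP instead of the address.
SAMPLE = [
    "Sep 15 2010 10:01:02 asa : %ASA-1-106100: access-list outside_access_in permitted tcp "
    "outside/203.0.113.10(51234) -> inside/ExternalFTP(21) hit-cnt 1 (first hit)",
    "Sep 15 2010 10:06:02 asa : %ASA-1-106100: access-list outside_access_in permitted tcp "
    "outside/203.0.113.10(51234) -> inside/ExternalFTP(21) hit-cnt 3 (300-second interval)",
    "Sep 16 2010 08:00:00 asa : %ASA-1-106100: access-list outside_access_in permitted tcp "
    "outside/198.51.100.7(40000) -> inside/ExternalFTP(22) hit-cnt 1 (first hit)",
    "Sep 16 2010 08:00:05 asa : %ASA-6-302013: Built inbound TCP connection 101 for "
    "outside:198.51.100.7/40000 (198.51.100.7/40000) to inside:10.0.0.5/22 (ExternalFTP/22)",
    "Sep 17 2010 09:00:00 asa : %ASA-1-106100: access-list outside_access_in denied tcp "
    "outside/192.0.2.99(1000) -> inside/ExternalFTP(21) hit-cnt 1 (first hit)",
]

if __name__ == "__main__":
    totals = tally_sources(SAMPLE, "outside_access_in", "ExternalFTP", {20, 21, 22})
    for src, n in totals.most_common():
        print(f"{src}\t{n}")
```

To use it on a real log, pass the open syslog file in place of `SAMPLE` and set `dst` to whatever the firewall writes for the FTP host (name or address).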
