ASA 5510 - Logging Firewall Hits

Posted on 2010-09-15
Last Modified: 2012-06-22
Hi, on our Cisco ASA 5510, I have a policy for our outside interface to allow FTP, FTP-DATA & SSH to an external IP address. We then NAT this ExternalFTP address to a local internal server.

access-list outside_access_in extended permit tcp any host ExternalFTP object-group DM_INLINE_TCP_1

static (inside,outside) ExternalFTP  access-list inside_nat_static

I am trying to come up with a list of which external IPs are actually connecting to this IP of ours.

I can see we get about 20 hits every month

Can this be done on the ASA logging or what is recommended?

Thanks
Question by:LiquidCapital

Expert Comment

by:kuoh
ID: 33681805
The IP addresses do appear in the ASDM logs, but they scroll out of the buffer fairly quickly. I think you'll need a syslog server if you want to aggregate the logs over a long period of time. Any reason you can't just enable logging on the FTP server instead?

Accepted Solution

by:Kvistofta
Kvistofta earned 250 total points
ID: 33681811
If you want to log nothing but that, the easiest way is to do it like this:

access-l OUTSIDE ext permit tcp any host 1.2.3.4 eq ftp log alerts
logging buffered alerts
logging on

Alerts is one of 8 logging severities (0 - 7) which contains by default almost no events. By telling your acl-line to log hits on that line with severity alerts you will get a log entry each time. By logging severity alerts to buffer you can easily see what has been logged with the "show logg"-command.

Of course you can tweak this to log all alerts to syslog or asdm or whatever suits you best.

/Kvistofta



Assisted Solution

by:Donboo
Donboo earned 250 total points
ID: 33686504
Or you can set up a free syslog server and log to that instead; then you would have the entire log in a file instead of the ASDM.

Author Closing Comment

by:LiquidCapital
ID: 33817045
Logged to syslog server and filtered out the ASA code to locate.
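Added example, not part of the original thread: one way to do the filtering the closing comment describes, pulling the ACL-hit entries out of a syslog file and listing the external sources per destination. It assumes the hits arrive as ASA message 106100 (the message an ACL line with `log` generates, at severity 1 when `log alerts` is used); the log lines, the hostname `asa5510` and the address 192.0.2.10 standing in for ExternalFTP are constructed.

```python
import re
from collections import defaultdict

# Shape of ASA syslog message 106100; addresses may also appear as configured names.
ACL_HIT = re.compile(
    r"%ASA-(?P<sev>\d)-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

# Constructed sample: three relevant hits, one unrelated message ID,
# one hit to a different destination, and one truncated line.
SAMPLE_LOG = """\
Sep 15 10:01:02 asa5510 %ASA-1-106100: access-list outside_access_in permitted tcp outside/198.51.100.7(51234) -> inside/192.0.2.10(21) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Sep 15 10:06:02 asa5510 %ASA-1-106100: access-list outside_access_in permitted tcp outside/198.51.100.7(51234) -> inside/192.0.2.10(21) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
Sep 16 08:15:40 asa5510 %ASA-1-106100: access-list outside_access_in permitted tcp outside/203.0.113.25(40022) -> inside/192.0.2.10(22) hit-cnt 1 first hit [0x5e6f7a8b, 0x0]
Sep 16 08:16:01 asa5510 %ASA-6-302013: Built inbound TCP connection 4711 for outside:203.0.113.25/40022 (203.0.113.25/40022) to inside:10.0.0.5/22 (10.0.0.5/22)
Sep 17 23:59:10 asa5510 %ASA-1-106100: access-list outside_access_in permitted tcp outside/198.51.100.99(1025) -> inside/192.0.2.77(21) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]
Sep 18 03:00:00 asa5510 %ASA-1-106100: access-list outside_access_in permitted tcp outside/198.51.100.7(5
"""

def sources_for(log_text, acl, dst):
    """Return {source: {"hit_cnt": int, "ports": set}} for permitted hits on acl to dst."""
    seen = defaultdict(lambda: {"hit_cnt": 0, "ports": set()})
    for line in log_text.splitlines():
        m = ACL_HIT.search(line)
        if not m:
            continue  # other message IDs and truncated lines are skipped
        if m["action"] != "permitted" or m["acl"] != acl or m["dst"] != dst:
            continue
        entry = seen[m["src"]]
        entry["hit_cnt"] += int(m["hits"])  # sum of the hit-cnt fields as logged
        entry["ports"].add(int(m["dport"]))
    return dict(seen)

if __name__ == "__main__":
    hits = sources_for(SAMPLE_LOG, "outside_access_in", "192.0.2.10")
    for ip, e in sorted(hits.items()):
        print(f"{ip:<16} hit-cnt total={e['hit_cnt']:<4} ports={sorted(e['ports'])}")
```

The same source can appear on several lines for one flow (a first-hit entry followed by interval summaries), so the function sums the logged hit-cnt fields rather than counting lines.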
