Solved

ASA 5510 - Logging Firewall Hits

Posted on 2010-09-15
4
1,209 Views
Last Modified: 2012-06-22
Hi, on our ASA cisco 5510, I have a policy for our outside interface to allow FTP, FTP-DATA & SSH to an external IP address. We then NAT this externalFTP address to an local internal server

access-list outside_access_in extended permit tcp any host ExternalFTP object-group DM_INLINE_TCP_1

static (inside,outside) ExternalFTP  access-list inside_nat_static

I am trying to come up with a list of which external IP's are actually connecting to this IP of ours..

I can see we get about 20 hits every month

Can this be done on the ASA logging or what is recommended?

Thanks
0
Comment
Question by:LiquidCapital
4 Comments
 
LVL 6

Expert Comment

by:kuoh
ID: 33681805
The IP addresses do appear in the ASDM logs, but it scrolls out of the buffer fairly quickly.  I think you'll need a syslog server if you want to aggregate the logs over a long period of time.  Any reason you can't just enable logging on the FTP server instead?
0
 
LVL 17

Accepted Solution

by:
Kvistofta earned 250 total points
ID: 33681811
If you want to log nothing but that the easiest way is to do like this:

access-l OUTSIDE ext permit tcp any host 1.2.3.4 eq ftp log alerts
logging buffered alerts
logging on

Alerts is one of 8 logging severities (0 - 7) which contains by default almost no events. By telling your acl-line to log hits on that line with severity alerts you will get a log entry each time. By logging severity alerts to buffer you can easily see what has been logged with the "show logg"-command.

Of course you can tweak this to log all alerts to syslog or asdm or whatever suits you best.

/Kvistofta


0
 
LVL 9

Assisted Solution

by:Donboo
Donboo earned 250 total points
ID: 33686504
Or you can setup a free syslog server and log to that instead then you would have the entire log in a file instead of the ASDM.
0
 

Author Closing Comment

by:LiquidCapital
ID: 33817045
Logged to syslog server and filtered out the ASA code to locate.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question