CLI of Cisco ASA firewall

#terminal monitor command in my asa ia not capturing any traffic.....what should i enable to capture the traffic using this command.

i tried the follwoing

(config)#logging enable
(config)#terminal monitor
Who is Participating?
genie4allConnect With a Mentor Commented:
The terminal monitor only really affects the vty that you are currently telnetted or ssh'd into.  "terminal monitor" to enable you to see "logging monitor" from telnet.  "terminal no monitor" to disable it.  Console is on by default, but can be disabled.  The logging level of the console is not necessarily what you see because each level is configured independently.  A "show logging" will show you the level per logging destination.

logging monitor will not show anything on your console. try debugging something (e.g. execute debug telnet or debug ssh and try to ssh / telnet from a different machine to your device)
ciscoasa#show logging
Ernie BeekExpertCommented:
Logging console info
Ernie BeekExpertCommented:
Or any other from debug to alert.
Just do a: logging console ?
Then you'll see the options.
mahuenConnect With a Mentor Commented:
The better way to get a capture is using the command "capture".

you have tu create an access-list with any name like "acl-in", then you have to create a capture with a name, associate it with an interface and you access-list:

access-list acl-in permit tcp eq ftp

in the ingress interface
capture interesting-traffic-in access-list acl-in interface inside

and in the egress interface for example:
capture interesting-traffic-out access-list acl-in interface outside

then you can copy the capture and save it like a pcap file and open it with wire shark.

copy /pcap capture:interesting-traffic-out flash:interesting-traffic-out

usefull not?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.