Solved

Cisco ASDM on ASA appliance

Posted on 2012-08-31
Last Modified: 2012-08-31
We are having trouble with spam being sent from our network. I figure it's a spam bot somewhere so I wanted to log all outbound traffic on the firewall.

I set up some access rules to only allow outbound traffic on port 25 from our mailserver.

I've attached a screenshot that shows that in less than half an hour there were 14,624 hits against the ACL.

I want to review this log, but when I right-click on it and click "show log" the window is empty.
I've attached a screenshot. How do I log this?

I've made sure that logging is enabled and email filtering is on.

I've attached screenshots of all of this. Hopefully my question is clear enough. Thanks for your help.
Capture.JPG
blankLogWindow.JPG
logginEnabled.JPG
emailFilter.JPG
Question by:David11011
4 Comments
 
LVL 6

Accepted Solution

by:
sharjeel ashraf earned 2000 total points
ID: 38355123
What you do is set up a syslog server (any free one from the web will do), then send all syslog messages related to the error / warning messages to the new syslog server. That way you can capture the information on a PC and view it at your leisure later.
0
 
LVL 6

Expert Comment

by:sharjeel ashraf
ID: 38355136
Sorry, forgot to mention I have used Kiwi Syslog before for these sorts of problems and it works perfectly fine, although with Kiwi you do have to sit and watch the screen. Also, from the main screen you can check what services are being used, what the main IPs sending the data are, and where they are being received from.
0
 
LVL 2

Author Comment

by:David11011
ID: 38355156
OK, I'm in the process of setting up a syslog server. But if the logs are showing up in ASDM, are they going to show up on the syslog server? Is there something else I need to do with my logging configuration on the router?
0
 
LVL 2

Author Closing Comment

by:David11011
ID: 38355376
The syslog server is what I was looking for. I decided to use Tftpd64 as the syslog server. It's really lightweight and does the job. Thanks for your help.
0
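Once the ASA's messages are landing on the syslog server, the saved log can be tallied to see which internal hosts are hitting the port 25 deny rule. This is an added example, not part of the original thread: it assumes the standard ASA deny message IDs 106023 and 106100, and the log lines, addresses and the function name `smtp_offenders` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of what a syslog server might save from an ASA.
# 106023 = deny by ACL (one message per packet); 106100 = ACE with "log",
# which reports an aggregated hit-cnt per flow and interval.
SAMPLE_LOG = """\
Aug 31 2012 10:01:02 192.0.2.1 %ASA-4-106023: Deny tcp src inside:10.1.1.45/51234 dst outside:203.0.113.25/25 by access-group "inside_access_in" [0x0, 0x0]
Aug 31 2012 10:01:03 192.0.2.1 %ASA-4-106023: Deny tcp src inside:10.1.1.45/51235 dst outside:198.51.100.7/25 by access-group "inside_access_in" [0x0, 0x0]
Aug 31 2012 10:06:03 192.0.2.1 %ASA-6-106100: access-list inside_access_in denied tcp inside/10.1.1.45(51240) -> outside/198.51.100.7(25) hit-cnt 12 300-second interval [0x0, 0x0]
Aug 31 2012 10:06:10 192.0.2.1 %ASA-4-106023: Deny tcp src inside:10.1.1.77/49888 dst outside:203.0.113.80/443 by access-group "inside_access_in" [0x0, 0x0]
Aug 31 2012 10:06:12 192.0.2.1 %ASA-6-106100: access-list inside_access_in denied tcp inside/10.1.1.60(40000) -> outside/203.0.113.25(25) hit-cnt 1 first hit [0x0, 0x0]
Aug 31 2012 10:06:15 192.0.2.1 %ASA-6-302013: Built outbound TCP connection 9001 for outside:203.0.113.25/25 (203.0.113.25/25) to inside:10.1.1.10/40211 (192.0.2.1/40211)
"""

RE_106023 = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\w+) src \S+?:(?P<src>[\d.]+)/\d+ "
    r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)")
RE_106100 = re.compile(
    r"%ASA-\d-106100: access-list \S+ denied (?P<proto>\w+) "
    r"\S+?/(?P<src>[\d.]+)\(\d+\) -> \S+?/(?P<dst>[\d.]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)")


def smtp_offenders(log_text, port=25):
    """Return [(source_ip, denied_hits), ...] for denied TCP traffic to `port`,
    busiest source first. Permitted traffic (e.g. the mail server) never
    matches, because only deny messages are parsed."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RE_106023.search(line) or RE_106100.search(line)
        if not m:
            continue  # not an ACL deny message
        if m["proto"].lower() != "tcp" or int(m["dport"]) != port:
            continue
        # 106100 carries an aggregated count; 106023 is one hit per line.
        hits[m["src"]] += int(m.groupdict().get("hits") or 1)
    return hits.most_common()


if __name__ == "__main__":
    for src, count in smtp_offenders(SAMPLE_LOG):
        print(f"{src}\t{count} denied connections to tcp/25")
```

To run it against a real capture, pass the contents of the file the syslog server writes instead of `SAMPLE_LOG`.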
