monorail1 asked:

Cisco ASA5505 IOS v8.2 Need Email Alert For Firewall Hit

Dear experts - I have a Cisco ASA 5505 running IOS 8.2 with a Sec+ license.  I have syslog and email notifications configured at the Alert level which are working fine and I've included the config below.  So everything is working fine, I'm simply looking to implement a new feature.

My question is, is there a way to configure an email alert if a specific firewall rule is hit?  So, let's say I NAT a device for external SSH access and I want an email alert every time a connection attempt is made WITHOUT reducing the notification level (so I don't get spammed with false unrelated alerts).  Is this possible?  If so, how?

logging mail alerts
logging from-address ASA@domain.com
logging recipient-address user@domain.com level alerts (<- I don't want to change the Alerts level)
logging host inside 192.168.1.XXX
smtp-server 192.168.1.XXX

Thanks,

ArneLovius

Although you can do specific syslog messages using the method

logging list e-mail-notification message xxxx

where xxxx is the specific message type

I don't know of a way to do specific ACL rules

I would either do all ACL hits, and filter on your mail server/email client, or use syslog with syslog alerting.
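
The syslog-side alerting suggested in the answer above, sketched as an added example that is not part of the original thread: a filter on the syslog host that raises an email only for hits on one rule, leaving the ASA's mail level untouched. It assumes the rule's ACE carries the `log` keyword so the ASA emits message 106100; the ACL name `outside_access_in`, the addresses and the sample lines are constructed.

```python
import re
from email.message import EmailMessage

# Constructed sample lines in the shape of ASA syslog message 106100.
SAMPLE_LINES = [
    "Mar 03 2013 10:15:01: %ASA-6-106100: access-list outside_access_in permitted tcp "
    "outside/198.51.100.7(51234) -> inside/192.168.1.50(22) hit-cnt 1 first hit [0x0, 0x0]",
    "Mar 03 2013 10:15:04: %ASA-6-106100: access-list outside_access_in permitted tcp "
    "outside/203.0.113.9(40000) -> inside/192.168.1.60(443) hit-cnt 1 first hit [0x0, 0x0]",
    "Mar 03 2013 10:15:09: %ASA-6-302013: Built inbound TCP connection 812 for "
    "outside:198.51.100.7/51234 (198.51.100.7/51234) to inside:192.168.1.50/22",
    "Mar 03 2013 10:20:01: %ASA-6-106100: access-list outside_access_in denied tcp "
    "outside/198.51.100.8(51000) -> inside/192.168.1.50(22) hit-cnt 3 300-second interval",
]

ACL_HIT = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\)"
)

def match_rule(line, acl, dst, dport):
    """Return the parsed hit if the line is a 106100 for this ACL/destination."""
    m = ACL_HIT.search(line)
    if not m:
        return None
    hit = m.groupdict()
    if (hit["acl"], hit["dst"], int(hit["dport"])) != (acl, dst, dport):
        return None
    return hit

def build_alert(hit, sender, recipient):
    """Build (but do not send) the notification for one matching hit."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "ASA ACL hit: {action} {proto} {src} -> {dst}:{dport}".format(**hit)
    msg.set_content("access-list {acl} {action} {proto} from {src_if}/{src}"
                    "({sport}) to {dst_if}/{dst}({dport})".format(**hit))
    return msg

def alerts_for(lines, acl, dst, dport, sender, recipient):
    hits = (match_rule(line, acl, dst, dport) for line in lines)
    return [build_alert(h, sender, recipient) for h in hits if h]

if __name__ == "__main__":
    for alert in alerts_for(SAMPLE_LINES, "outside_access_in", "192.168.1.50", 22,
                            "ASA@domain.com", "user@domain.com"):
        print(alert["Subject"])
```

Each returned message can be handed to `smtplib.SMTP(...).send_message()` against the same SMTP relay the ASA already uses.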

monorail1 (ASKER)

Hi ArneLovius - thanks for the comment though that's not really what I'm looking for.  Performing filtering on the client side and/or Syslog server for this particular instance is kind of a moot point.  I just need a definitive answer whether it's possible or not and if so how.