monorail1
asked on
Cisco ASA5505 IOS v8.2 Need Email Alert For Firewall Hit
Dear experts - I have a Cisco ASA 5505 running IOS 8.2 with a Sec+ license. I have syslog and email notifications configured at the Alert level which are working fine and I've included the config below. So everything is working fine, I'm simply looking to implement a new feature.
My question is, is there a way to configure an email alert if a specific firewall rule is hit? So, let's say I NAT a device for external SSH access and I want an email alert every time a connection attempt is made WITHOUT reducing the notification level (so I don't get spammed with false unrelated alerts). Is this possible? If so, how?
logging mail alerts
logging from-address ASA@domain.com
logging recipient-address user@domain.com level alerts (<- I don't want to change the Alerts level)
logging host inside 192.168.1.XXX
smtp-server 192.168.1.XXX
Thanks,
ASKER
Hi ArneLovius - thanks for the comment though that's not really what I'm looking for. Performing filtering on the client side and/or Syslog server for this particular instance is kind of a moot point. I just need a definitive answer whether it's possible or not and if so how.
ASKER CERTIFIED SOLUTION
where xxxx is the specific message type.
I don't know of a way to do specific ACL rules.
I would either do all ACL hits, and filter on your mail server/email client, or use syslog with syslog alerting.
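One way to do the syslog-side alerting suggested above, as an added example that is not part of the original thread: a filter that picks out ACL-hit messages (syslog ID 106100) for one access list and destination port and builds an email for each. It assumes the access-list entry carries the `log` keyword so the ASA emits 106100; the ACL name `outside_access_in`, the helper names and all sample lines are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Constructed sample lines as a syslog server might store them (not real logs).
SAMPLE_LINES = [
    "Jan 10 12:00:01 asa %ASA-6-106100: access-list outside_access_in permitted tcp "
    "outside/203.0.113.5(51234) -> inside/192.168.1.50(22) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "Jan 10 12:00:02 asa %ASA-6-106100: access-list outside_access_in permitted tcp "
    "outside/203.0.113.9(40000) -> inside/192.168.1.60(443) hit-cnt 1 first hit [0x5e6f7a8b, 0x0]",
    "Jan 10 12:00:03 asa %ASA-6-302013: Built inbound TCP connection 77 for "
    "outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:192.168.1.50/22 (192.168.1.50/22)",
    "Jan 10 12:05:00 asa %ASA-6-106100: access-list outside_access_in denied tcp "
    "outside/198.51.100.7(33210) -> inside/192.168.1.50(22) hit-cnt 3 300-second interval [0x9c0d1e2f, 0x0]",
]

# Field layout of syslog message 106100 (logged ACL hit).
ACL_HIT = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) [^/\s]+/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"[^/\s]+/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

def match_rule(line, acl, dport, proto="tcp"):
    """Return the parsed fields if the line is a hit on the watched rule, else None."""
    m = ACL_HIT.search(line)
    if not m or m["acl"] != acl or m["proto"] != proto or int(m["dport"]) != dport:
        return None
    return m.groupdict()

def build_alerts(lines, acl, dport, sender="ASA@domain.com", recipient="user@domain.com"):
    """Build one email per matching hit; hand them to smtplib.SMTP.send_message to deliver."""
    alerts = []
    for line in lines:
        hit = match_rule(line, acl, dport)
        if hit is None:
            continue
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, recipient
        msg["Subject"] = (f"ASA {hit['acl']} {hit['action']} "
                          f"{hit['src']} -> {hit['dst']}:{hit['dport']}")
        msg.set_content(line)  # keep the raw syslog line as evidence
        alerts.append(msg)
    return alerts

if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_LINES, "outside_access_in", 22):
        print(alert["Subject"])
```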