Solved

Cisco ASA - View real-time incoming connections using ASDM

Posted on 2015-01-15
Last Modified: 2015-01-28
Using the ASDM real-time log viewer, all I see are outbound connections. Is there any way to view incoming connections?

I have an internal website using an ACL and NAT. Logging is enabled for that ACL and I can see hits on the counter. If I right-click on that ACL and select show log, there is nothing there. I also tried setting logging on that ACL to debugging and still nothing.

When looking at the Real-Time Log Viewer all I see are outgoing connections, showing our inside IPs for source and internet IPs for destinations.

Thanks
Question by:arad1
6 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40553196
For real-time logging, you also need to consider the type of logging set; you likely need a more verbose one like debugging instead of the default information only.
 https://supportforums.cisco.com/discussion/11222801/asdm-logging-does-not-appear-correctly

 However, do note that even at debugging level, the syslogs do not show individual packets, which is why the above offline or the CLI approach is an alternative suggestion. You can do a packet capture on the interface and check it offline, but it is not real time then. Regardless, you can view the captures from the CLI using "sh capture" or use other s/w like Wireshark to view the exported capture (pcap) packets. See below for more info on the steps.
 http://www.tunnelsup.com/packet-captures-on-cisco-asa
 https://supportforums.cisco.com/document/6971/packet-capture-asapix-fwsm
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40565187
You could also use a Syslog server to capture all that information and view it with all sorts of filters to get granular reporting. There's a whole bunch of free tools - Kiwi, PRTG, etc. We're using AccelOps and we think it's great.
0
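As an added example (not part of any post in this thread), the script below shows the kind of filter the syslog-server suggestion above makes possible: it keeps only inbound connection events from collected ASA syslog. It assumes the firewall emits the "Built inbound/outbound TCP|UDP connection" messages (IDs 302013 and 302015); the log lines, addresses and hostname `fw1` are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the %ASA-6-302013 / 302015 "Built ... connection" format.
SAMPLE_LOG = """\
Jan 15 2015 10:01:02 fw1 : %ASA-6-302013: Built outbound TCP connection 1001 for outside:93.184.216.34/443 (93.184.216.34/443) to inside:192.168.1.25/50123 (198.51.100.5/50123)
Jan 15 2015 10:01:05 fw1 : %ASA-6-302013: Built inbound TCP connection 1002 for outside:203.0.113.45/51515 (203.0.113.45/51515) to inside:192.168.1.10/80 (198.51.100.5/80)
Jan 15 2015 10:01:06 fw1 : %ASA-6-302014: Teardown TCP connection 1001 for outside:93.184.216.34/443 to inside:192.168.1.25/50123 duration 0:00:04 bytes 5120 TCP FINs
Jan 15 2015 10:01:09 fw1 : %ASA-6-302015: Built inbound UDP connection 1003 for outside:203.0.113.77/40000 (203.0.113.77/40000) to inside:192.168.1.53/53 (198.51.100.5/53)
Jan 15 2015 10:01:11 fw1 : %ASA-6-302013: Built inbound TCP connection 1004 for outside:203.0.113.45/51520 (203.0.113.45/51520) to inside:192.168.1.10/80 (198.51.100.5/80)
"""

# "for <if>:<ip>/<port> (<mapped>) to <if>:<ip>/<port> (<mapped>)".
# Extra parenthesised fields after the first endpoint (e.g. a user name) are tolerated.
BUILT = re.compile(
    r"%ASA-\d-30201[35]: Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection (?P<conn_id>\d+) for "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+)(?: \([^)]*\))+ to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r"\((?P<nat_ip>[^/)]+)/(?P<nat_port>\d+)\)"
)


def inbound_connections(log_text):
    """Return one dict per 'Built inbound' line; outbound and teardown lines are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m and m.group("dir") == "inbound":
            rows.append(m.groupdict())
    return rows


def top_sources(rows):
    """Count inbound connections per (source IP, internal destination IP, destination port)."""
    return Counter((r["src_ip"], r["dst_ip"], r["dst_port"]) for r in rows).most_common()


if __name__ == "__main__":
    for (src, dst, port), count in top_sources(inbound_connections(SAMPLE_LOG)):
        print(f"{src} -> {dst}:{port}  connections={count}")
```

The `nat_ip`/`nat_port` fields hold the mapped address of the internal host, which is useful for matching an event to the NAT rule that publishes the website.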
 

Assisted Solution

by:arad1
arad1 earned 0 total points
ID: 40566852
So I guess at this time it can't be done. Closest I can get is using the packet capture wizard and at the end just keep hitting get capture buffer. Thanks btan for the links provided. Your last one looks to be 6 years old and images don't show. Below is a more concurrent one for anyone else looking.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

I'm not sure how to close or mark a question answered that didn't really get what I was looking for.

Thanks
0

 
LVL 62

Expert Comment

by:btan
ID: 40567574
Thanks for sharing. The pcap capture is still the safe bet, and it is not real time. In fact, most are doing that for in-depth analysis offline. This post is similar, which means it has existed for a long time and until now there is not much difference.
http://ipfield.net/2013/06/asa-packet-capture-using-cli-and-asdm-config-example/

Another area that I was thinking of is NetFlow, but then it is not real time either.
0
 

Author Closing Comment

by:arad1
ID: 40574819
Included my own post since I provided a more up to date link.
0
 
LVL 62

Expert Comment

by:btan
ID: 40574867
Thanks for sharing.
0
