?
Solved

Cisco ASA - View real-time incoming connections using ASDM

Posted on 2015-01-15
6
Medium Priority
?
879 Views
Last Modified: 2015-01-28
Using the ASDM real time log viewer, all I see are outbound connections.  Is there anyway to view incoming connections?

I have an internal website using an ACL and NAT.  Logging is enabled for that ACL and I can see Hits on the counter.  If I right click on that ACL and select show log, there is nothing there.  I also tried setting logging on that ACL to debugging and still nothing.  

When looking at the Real-Time Log Viewer all I see are outgoing connections, showing our inside IPs for source and internet IPs for destinations.

Thanks
0
Comment
Question by:Alan
  • 3
  • 2
6 Comments
 
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 40553196
for real time logging, also need to consider the type of logging set and likely you need a more verbose one like debugging instead of default information only.
 https://supportforums.cisco.com/discussion/11222801/asdm-logging-does-not-appear-correctly

 However, do note even in debugging level, the syslogs do not show individual packets, which is why the above offline or the CLI approach is alternative suggestion. You can do a packet capture on the interface and offline check but it is not real time then. Regardless, you can view the captures from CLI using the "sh capture"or use other s/w like Wireshark to view the export capture (pcap) packets. See below for more info on the steps
 http://www.tunnelsup.com/packet-captures-on-cisco-asa
 https://supportforums.cisco.com/document/6971/packet-capture-asapix-fwsm
0
 
LVL 21

Expert Comment

by:netcmh
ID: 40565187
You could also use a Syslog server to capture all that information and view it with all sorts of filters to get granular reporting. There's a whole bunch of free tools - Kiwi, PRTG, etc. We're using AccelOps and we think it's great.
0
 

Assisted Solution

by:Alan
Alan earned 0 total points
ID: 40566852
So I guess at this time it can't be done.  Closest I can get it using the packet capture wizard and at the end just keep hitting get capture buffer.  Thanks btan for the links provided.  Your last one looks to be 6 years old and images don't show.  Below is a more concurrent one for anyone else looking.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

I'm not sure how to close or mark a question answered that didn't really get what I was looking for.

Thanks
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 65

Expert Comment

by:btan
ID: 40567574
thanks for sharing, the pcap capture is still the safe bet and not real time. in fact, most are doing that for in depth analysis offline. Similar to this post which means long time it has exist and till now not much diff ..
http://ipfield.net/2013/06/asa-packet-capture-using-cli-and-asdm-config-example/

Another area that I was thinking s netflow but then it is not real time too..
0
 

Author Closing Comment

by:Alan
ID: 40574819
Included my own post since I provided a more up to date link.
0
 
LVL 65

Expert Comment

by:btan
ID: 40574867
thanks for sharing
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question