Solved

Cisco ASA - View real-time incoming connections using ASDM

Posted on 2015-01-15
Last Modified: 2015-01-28
Using the ASDM real-time log viewer, all I see are outbound connections. Is there any way to view incoming connections?

I have an internal website using an ACL and NAT. Logging is enabled for that ACL and I can see hits on the counter. If I right-click on that ACL and select show log, there is nothing there. I also tried setting logging on that ACL to debugging and still nothing.

When looking at the Real-Time Log Viewer all I see are outgoing connections, showing our inside IPs for source and internet IPs for destinations.

Thanks
0
Question by:Alan
6 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40553196
For real-time logging, you also need to consider the type of logging set; you likely need a more verbose one like debugging instead of the default information only.
 https://supportforums.cisco.com/discussion/11222801/asdm-logging-does-not-appear-correctly

However, do note that even at debugging level, the syslogs do not show individual packets, which is why the above offline or the CLI approach is an alternative suggestion. You can do a packet capture on the interface and check it offline, but it is not real time then. Regardless, you can view the captures from the CLI using "sh capture" or use other s/w like Wireshark to view the exported capture (pcap) packets. See below for more info on the steps:
 http://www.tunnelsup.com/packet-captures-on-cisco-asa
 https://supportforums.cisco.com/document/6971/packet-capture-asapix-fwsm
0
 
LVL 20

Expert Comment

by:netcmh
ID: 40565187
You could also use a Syslog server to capture all that information and view it with all sorts of filters to get granular reporting. There's a whole bunch of free tools - Kiwi, PRTG, etc. We're using AccelOps and we think it's great.
0
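The syslog-server filtering suggested in the comment above, sketched as an added example that is not part of the original thread: it picks the "Built inbound" connection messages (ASA syslog IDs 302013 for TCP and 302015 for UDP) out of a log file and filters them by the real server address. It assumes the ASA sends severity-6 messages to the syslog server; the sample lines, host name `asa1` and addresses are constructed.

```python
import re
from collections import Counter

# Connection-build syslogs: 302013 (TCP) and 302015 (UDP), logged at severity 6.
BUILT = re.compile(
    r"%ASA-\d-(?P<msgid>302013|302015): Built (?P<direction>inbound|outbound) "
    r"(?P<proto>TCP|UDP) connection (?P<conn_id>\d+) for "
    r"(?P<a_if>[^:\s]+):(?P<a_ip>[^/\s]+)/(?P<a_port>\d+) \((?P<a_map>[^)]+)\)"
    r".*? to "
    r"(?P<b_if>[^:\s]+):(?P<b_ip>[^/\s]+)/(?P<b_port>\d+) \((?P<b_map>[^)]+)\)"
)

# Constructed sample lines (documentation address ranges), not taken from the thread.
SAMPLE_LOG = """\
Jan 15 2015 10:01:02 asa1 : %ASA-6-302013: Built outbound TCP connection 9001 for outside:203.0.113.80/443 (203.0.113.80/443) to inside:192.168.10.77/50123 (198.51.100.2/50123)
Jan 15 2015 10:01:05 asa1 : %ASA-6-302013: Built inbound TCP connection 9002 for outside:203.0.113.10/51514 (203.0.113.10/51514) to inside:192.168.10.5/80 (198.51.100.20/80)
Jan 15 2015 10:01:06 asa1 : %ASA-6-302014: Teardown TCP connection 9001 for outside:203.0.113.80/443 to inside:192.168.10.77/50123 duration 0:00:04 bytes 5120 TCP FINs
Jan 15 2015 10:01:09 asa1 : %ASA-6-302013: Built inbound TCP connection 9003 for outside:203.0.113.10/51515 (203.0.113.10/51515) to inside:192.168.10.5/80 (198.51.100.20/80)
Jan 15 2015 10:01:11 asa1 : %ASA-6-302015: Built inbound UDP connection 9004 for outside:203.0.113.44/40000 (203.0.113.44/40000) to inside:192.168.10.9/53 (198.51.100.21/53)
"""

def inbound_connections(lines, server_ip=None, server_port=None):
    """Yield one dict per 'Built inbound' message, optionally filtered by real server IP/port."""
    for line in lines:
        m = BUILT.search(line)
        if not m or m["direction"] != "inbound":
            continue
        if server_ip and m["b_ip"] != server_ip:
            continue
        if server_port and int(m["b_port"]) != server_port:
            continue
        yield {
            "proto": m["proto"], "conn_id": int(m["conn_id"]),
            "client": f'{m["a_ip"]}:{m["a_port"]}', "ingress_if": m["a_if"],
            "server": f'{m["b_ip"]}:{m["b_port"]}', "mapped": m["b_map"],
        }

def clients_by_server(lines):
    """Count inbound connections per (client IP, real server endpoint)."""
    return Counter((c["client"].rsplit(":", 1)[0], c["server"])
                   for c in inbound_connections(lines))

if __name__ == "__main__":
    for conn in inbound_connections(SAMPLE_LOG.splitlines(), server_ip="192.168.10.5"):
        print(conn)
    print(clients_by_server(SAMPLE_LOG.splitlines()))
```

The `mapped` field is the NAT-translated address of the server, so the same filter can be keyed on the public address by comparing against `b_map` instead of `b_ip`.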
 

Assisted Solution

by:Alan
Alan earned 0 total points
ID: 40566852
So I guess at this time it can't be done. Closest I can get is using the packet capture wizard and at the end just keep hitting get capture buffer. Thanks btan for the links provided. Your last one looks to be 6 years old and images don't show. Below is a more current one for anyone else looking.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

I'm not sure how to close or mark a question answered that didn't really get what I was looking for.

Thanks
0
 
LVL 63

Expert Comment

by:btan
ID: 40567574
Thanks for sharing. The pcap capture is still the safe bet, and it is not real time. In fact, most are doing that for in-depth analysis offline. Similar to this post, which means it has existed for a long time and until now there is not much difference:
http://ipfield.net/2013/06/asa-packet-capture-using-cli-and-asdm-config-example/

Another area that I was thinking of is NetFlow, but then it is not real time either.
0
 

Author Closing Comment

by:Alan
ID: 40574819
Included my own post since I provided a more up-to-date link.
0
 
LVL 63

Expert Comment

by:btan
ID: 40574867
Thanks for sharing.
0

Question has a verified solution.
