batsona
Maryland
join:2004-04-17
Ellicott City, MD
Member
Cisco ASA: Local logging / traffic analysis...

All;

I've inherited a project where I have to get some traffic through a Cisco ASA 5505 firewall. However, due to conditions beyond my control, I don't have access to the syslog coming from the ASA. However, I have level-15 control. How can I perform local traffic analysis on the CLI if I don't have access to its syslog messages?
meta
join:2004-12-27
Member

Set the monitor log level to debug and execute terminal monitor from the CLI. You will see everything that the syslog server sees.
Alternatively, use ASDM or perform packet captures to remote locations to evaluate the header data later.
HELLFIRE
MVM
join:2009-11-25
to batsona
Do you also have access to run debug commands? Try "debug ?" and see what's available. I _WANT_ to say "debug ip packet" is an option, but I just remembered this is an ASA, not an ISR router...

Regards
batsona

It would also be great if I can debug against an ACL (or debug all packets matching an ACL). On my DMZ interface, the only traffic coming in is FTP, and that's all I want to see. My ACL indicates 42 hits with recent testing; then the sysadmin said, "oh yea, the FTP server is down" (no wonder we didn't get a prompt...)
HELLFIRE
to batsona
Easy enough to do with something similar to this... the syntax may be off and I don't have my ASA powered, so use '?' liberally

! ASA syntax (the lines above were closer to IOS): an extended ACE with the "log" keyword,
! applied to the DMZ interface with access-group
access-list LOGGING_FTP extended permit tcp any any eq ftp log
access-group LOGGING_FTP in interface DMZ

IIRC, ASA syntax to check ACL hits is "show access-list [name]"

Regards
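An added example (not posted by anyone in this thread) that pulls the thread's suggestions together on the ASA CLI: ACL hit logging to the terminal session, hit counters, and an on-box capture restricted to FTP. It assumes the DMZ interface is named "DMZ" and the FTP server is 10.0.0.5; both are placeholder values.

```cisco
! Assumed names for this example: interface "DMZ", FTP server 10.0.0.5 (constructed)
!
! 1. Log each hit on the FTP rule (default level informational; the interval
!    rate-limits repeat messages for the same flow to once per 300 seconds)
access-list DMZ_IN extended permit tcp any host 10.0.0.5 eq ftp log informational interval 300
access-list DMZ_IN extended deny ip any any log
access-group DMZ_IN in interface DMZ
!
! 2. Send syslog to the current console/SSH session instead of a syslog server
logging enable
logging monitor informational
terminal monitor
!    ... run the FTP test, watch the ACL log lines arrive, then turn it off:
terminal no monitor
!
! 3. Hit counters: zero them, run a test, then read the hitcnt= value on each ACE
clear access-list DMZ_IN counters
show access-list DMZ_IN
!
! 4. On-box packet capture of FTP control traffic only (RAM-resident, so keep it scoped)
capture FTP_CAP interface DMZ match tcp any host 10.0.0.5 eq 21
show capture FTP_CAP
show capture FTP_CAP detail
!    export for offline analysis in Wireshark (<tftp-server> is a placeholder)
copy /pcap capture:FTP_CAP tftp://<tftp-server>/ftp_cap.pcap
no capture FTP_CAP
```

A capture that shows the client SYN but no SYN/ACK from 10.0.0.5 distinguishes "the ACL is permitting it" from "the server is answering", which is exactly the gap the 42 hits in the thread left open.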