[c-nsp] FWSM logging problem

Tony Varriale tvarriale at comcast.net
Wed Dec 16 12:30:34 EST 2009


What code are you on?

These types of items have been going on for a while in various iterations of 
code.  There have been so many it's hard for me to keep them straight LOL!

But, if you post your code I'll try and look up my notes.  In the end, 
you'll have to call TAC and they will tell you to upgrade to xyz.

Try to get a bugid and make sure the recommended upgrade fixes your problem. 
I've had a couple logging issues that had no id and TAC just said upgrade.

As a side note, have you had the issue of traffic blowing by an ACE? :)

tv
----- Original Message ----- 
From: "Holemans Wim" <wim.holemans at ua.ac.be>
To: <cisco-nsp at puck.nether.net>
Sent: Wednesday, December 16, 2009 9:44 AM
Subject: [c-nsp] FWSM logging problem


> It seems our FWSM doesn't log all denied ACLs. I blocked an IP address
> on our FWSM and wanted to see whoever on campus is trying to access
> this address (Botnet C&C).
>
> I added the following line in the ACL (even raised priority); you can
> see that the rule triggers when I tried to telnet to the address:
>
> access-list Internet-out line 24 extended deny ip any host X1.X2.X3.X4
> log critical interval 30 (hitcnt=9) 0x6e051e8c
>
> There is however no corresponding syslog message on our syslog server or
> in the buffered logs on the FWSM.
>
> These are our logging settings: already raised queue size, some
> messages moved to another log level so they don't get sent to our syslog
> server. ACL log messages are normally of ID 106100 level debugging; I
> can find several of them on the syslog server but not for the specific
> ACE.
>
>
> logging enable
> logging timestamp
> logging emblem
> logging console debugging
> logging monitor debugging
> logging buffered debugging
> logging trap informational
> logging asdm informational
> logging queue 1024
> logging host DA-rt x.x.x.x
> logging message 305010 level debugging
> logging message 305009 level debugging
> logging message 302015 level debugging
> logging message 302014 level debugging
> logging message 302013 level debugging
> logging message 302016 level debugging
> logging message 302021 level debugging
>
> Does anyone have a clue on how to get all syslog messages for the ACEs that
> have a log part?
>
> Wim Holemans
>
> Netwerkdienst Universiteit Antwerpen
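Added example, not from the thread: a small Python parser for the %FWSM-x-106100 messages the original poster is looking for, plus a check of the severity threshold that 'logging trap <level>' applies before a message reaches the syslog host. It assumes the 106100 layout documented by Cisco and uses constructed sample lines in which 198.51.100.9 stands in for the redacted X1.X2.X3.X4 and the hit counts are made up.

```python
import re
# FWSM/ASA syslog severities: lower number = more severe.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# %FWSM-<sev>-106100 layout as documented by Cisco; the severity digit reflects the per-ACE 'log <level>'.
MSG_106100 = re.compile(
    r"%FWSM-(?P<sev>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<in_if>\S+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<out_if>\S+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+) "
    r"\((?P<window>[^)]*)\)(?: \[(?P<hashes>[^\]]*)\])?")

# Constructed sample lines (not from the thread); 198.51.100.9 stands in for X1.X2.X3.X4.
SAMPLE_LOG = """\
Dec 16 09:40:01 fwsm %FWSM-2-106100: access-list Internet-out denied tcp inside/10.20.30.40(51234) -> outside/198.51.100.9(23) hit-cnt 1 (first hit) [0x6e051e8c, 0x0]
Dec 16 09:40:31 fwsm %FWSM-2-106100: access-list Internet-out denied tcp inside/10.20.30.40(51235) -> outside/198.51.100.9(23) hit-cnt 8 (30-second interval) [0x6e051e8c, 0x0]
Dec 16 09:40:40 fwsm %FWSM-2-106100: access-list Internet-out denied udp inside/10.20.31.7(40000) -> outside/198.51.100.9(53) hit-cnt 1 (first hit) [0x6e051e8c, 0x0]
Dec 16 09:41:02 fwsm %FWSM-7-106100: access-list Internet-out denied tcp inside/10.20.30.40(51236) -> outside/203.0.113.5(80) hit-cnt 1 (first hit) [0x1a2b3c4d, 0x0]
"""

def parse_106100(line):
    """Fields of one 106100 message as a dict, or None if the line is not one."""
    m = MSG_106100.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["sev"], d["hits"] = int(d["sev"]), int(d["hits"])
    d["hashes"] = [h.strip() for h in d["hashes"].split(",")] if d["hashes"] else []
    return d

def reaches(sev, destination_level):  # passes a 'logging <dest> <level>' threshold?
    return sev <= SEVERITY[destination_level]

def suppressed_by_trap(log_text, trap_level="informational"):
    """106100 messages that 'logging trap <trap_level>' would never send to the syslog host."""
    parsed = [parse_106100(l) for l in log_text.splitlines()]
    return [d for d in parsed if d and not reaches(d["sev"], trap_level)]

def sources_hitting(log_text, dst_host, ace_hash=None):
    """Denied hit counts per source IP towards dst_host, optionally only for one ACE hash."""
    totals = {}
    for line in log_text.splitlines():
        d = parse_106100(line)
        if not d or d["action"] != "denied" or d["dst"] != dst_host:
            continue
        if ace_hash and ace_hash not in d["hashes"]:
            continue  # first hash in 106100 is the ACE hash shown by 'show access-list'
        totals[d["src"]] = totals.get(d["src"], 0) + d["hits"]
    return totals
```

Feeding the syslog server's archive through sources_hitting with the ACE hash from 'show access-list' answers the "who on campus" question per source, while suppressed_by_trap shows which 106100 messages a given trap level would drop before they ever left the FWSM.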