[c-nsp] FWSM logging problem

NMaio at guesswho.com NMaio at guesswho.com
Wed Dec 16 13:03:35 EST 2009


Tony,
> As a side note, have you had the issue of traffic blowing by an ACE? :)
What you referring to here?  I run both the FWSM and ACE module.  We have had a plethora of problems with the ACE.  The best is it just stops responding and passing traffic and it doesn't failover when that happens.
Nick


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
Sent: Wednesday, December 16, 2009 12:31 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] FWSM logging problem

What code are you on?

These types of items have been going on for a while in various iterations of 
code.  There's been so many it's hard for me to keep them straight LOL!

But, if you post your code I'll try and look up my notes.  In the end, 
you'll have to call TAC and they will tell you to upgrade to xyz.

Try to get a bugid and make sure the recommended upgrade fixes your problem. 
I've had a couple logging issues that had no id and TAC just said upgrade.

As a side note, have you had the issue of traffic blowing by an ACE? :)

tv
----- Original Message ----- 
From: "Holemans Wim" <wim.holemans at ua.ac.be>
To: <cisco-nsp at puck.nether.net>
Sent: Wednesday, December 16, 2009 9:44 AM
Subject: [c-nsp] FWSM logging problem


> It seems our FWSM doesn't log all denied ACLs. I blocked an IP address
> on our FWSM and wanted to see whomever on campus is trying to access
> this address (Botnet C&C).
>
> I added the following line in the ACL (even raised priority), you can
> see that the rules triggers when I tried to telnet the address :
>
> access-list Internet-out line 24 extended deny ip any host X1.X2.X3.X4
> log critical interval 30 (hitcnt=9) 0x6e051e8c
>
>
>
> There is however no corresponding syslog message on our syslog server or
> in the buffered logs on the FWSM.
>
> These are our logging settings  : already raised queue size, some
> messages moved to another log level so they don't get send to our syslog
> server. ACL log messages are normally of ID 106100 level debugging, I
> can find several of them on the syslog server but not for the specifiec
> ACE.
>
>
>
>
>
> logging enable
>
> logging timestamp
>
> logging emblem
>
> logging console debugging
>
> logging monitor debugging
>
> logging buffered debugging
>
> logging trap informational
>
> logging asdm informational
>
> logging queue 1024
>
> logging host DA-rt x.x.x.x
>
> logging message 305010 level debugging
>
> logging message 305009 level debugging
>
> logging message 302015 level debugging
>
> logging message 302014 level debugging
>
> logging message 302013 level debugging
>
> logging message 302016 level debugging
>
> logging message 302021 level debugging
>
>
>
> Anyone has a clue on how to get all syslog messages for the ACE's that
> have a log part ?
>
>
>
>
>
> Wim Holemans
>
> Netwerkdienst Universiteit Antwerpen
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/ 

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list