
Cisco ASA Series User Manual

Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Logging for Access Lists
Configuring Logging for Access Lists

To configure logging for an ACE, enter the following command:

Command:
access-list access_list_name [extended] {deny | permit}...[log [[level] [interval secs] | disable | default]]

Example:
hostname(config)# access-list outside-acl permit ip host 1.1.1.1 any log 7 interval 600

Purpose:
Configures logging for an ACE.
The access-list access_list_name syntax specifies the access list for which you want to configure logging.
The extended option adds an ACE.
The deny keyword denies a packet if the conditions are matched. Some features do not allow deny ACEs, such as NAT. (See the command documentation for each feature that uses an access list for more information.)
The permit keyword permits a packet if the conditions are matched.
If you enter the log option without any arguments, you enable syslog message 106100 at the default level (6) and for the default interval (300 seconds). See the following options:
• level—A severity level between 0 and 7. The default is 6.
• interval secs—The time interval in seconds between syslog messages, from 1 to 600. The default is 300. This value is also used as the timeout value for deleting an inactive flow.
• disable—Disables all access list logging.
• default—Enables logging to message 106023. This setting is the same as having no log option.
(See the access-list command in the Cisco Security Appliance Command Reference for more information about command options.)

Monitoring Access Lists

To monitor access lists, enter one of the following commands:

Command: show access-list
Purpose: Displays the access list entries by number.

Command: show running-config access-list
Purpose: Displays the current running access list configuration.

Configuration Examples for Access List Logging

This section includes sample configurations for logging access lists.

You might configure the following access list:

hostname(config)# access-list outside-acl permit ip host 1.1.1.1 any log 7 interval 600
hostname(config)# access-list outside-acl permit ip host 2.2.2.2 any
hostname(config)# access-list outside-acl deny ip any any log 2
hostname(config)# access-group outside-acl in interface outside
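
The following Python sketch is an added example, not part of the Cisco guide: it reads access-list lines and reports, for each ACE, which syslog message the log option selects and at what level and interval, using the defaults stated above. The function names and the two inside-acl lines are constructed for illustration, and only numeric severity levels are parsed (an assumption).

```python
import re

DEFAULT_LEVEL, DEFAULT_INTERVAL = 6, 300   # defaults stated in the guide
ACE_RE = re.compile(r"access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\s+(.*)$")

# First four lines are the guide's sample; the inside-acl lines are constructed.
SAMPLE = """\
hostname(config)# access-list outside-acl permit ip host 1.1.1.1 any log 7 interval 600
hostname(config)# access-list outside-acl permit ip host 2.2.2.2 any
hostname(config)# access-list outside-acl deny ip any any log 2
hostname(config)# access-group outside-acl in interface outside
access-list inside-acl extended permit tcp any any eq 443 log
access-list inside-acl extended deny tcp any any eq 23 log disable
"""

def effective_logging(line):
    """Return the logging behaviour of one ACE, or None for non-ACE lines."""
    m = ACE_RE.search(line.strip())
    if not m:
        return None
    acl, action, rest = m.groups()
    tokens = rest.split()
    ace = {"acl": acl, "action": action, "syslog": "106023",
           "level": None, "interval": None}
    if "log" not in tokens:
        return ace                      # no log option: same as "log default"
    opts = tokens[tokens.index("log") + 1:]
    if opts[:1] == ["default"]:
        return ace
    if opts[:1] == ["disable"]:
        ace["syslog"] = None            # "log disable": no access list logging
        return ace
    level, interval = DEFAULT_LEVEL, DEFAULT_INTERVAL
    if opts and opts[0].isdigit():      # numeric level only (assumption)
        level = int(opts.pop(0))
    if opts[:1] == ["interval"] and len(opts) > 1 and opts[1].isdigit():
        interval = int(opts[1])
    if not 0 <= level <= 7 or not 1 <= interval <= 600:
        raise ValueError(f"log arguments out of documented range: {line.strip()}")
    ace.update(syslog="106100", level=level, interval=interval)
    return ace

def audit(config):
    """Parse every ACE in a config; return (aces, aces_with_logging_disabled)."""
    aces = [a for a in map(effective_logging, config.splitlines()) if a]
    return aces, [a for a in aces if a["syslog"] is None]

if __name__ == "__main__":
    aces, silent = audit(SAMPLE)
    for a in aces:
        print(a)
    print("ACEs with logging disabled:", silent)
```

Running it over a saved running configuration gives a quick review list of ACEs, in particular deny entries, whose logging has been switched off.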
