On my firewall (ASA 5540) I have a syslog server configured:
logging enable
logging trap notifications
logging facility 16
logging host interface-xyz 192.168.123.123
To log the whole traffic I put "log error" at the end of every access-list line (permit and deny). This seems not to work as expected: only a few services are logged (e.g. 53/udp and 53/tcp) (permit or deny) but nothing else. SMTP traffic is not logged (to name just one).
access-list POLICY extended permit tcp object-group H_mx01 \
    object-group H_mx00 object-group tcp_smtp log errors
To silence the DNS rules I used "log disable" but they are still logged (106100-style).
access-list POLICY extended permit tcp any object-group H_dns_server \
    object-group tcp_dns log disable
access-list POLICY extended permit udp any object-group H_dns_server \
    object-group udp_dns log disable
Any ideas what I did wrong?
--
Jörg Schütter