logging w/ PIX / ASA


On my firewall (ASA 5540) I have a syslog server configured:

logging enable
logging trap notifications
logging facility 16
logging host interface-xyz

To log the whole traffic I put "log error" at the end of every access-list line (permit and deny). This seems not to work as expected; only a few services are logged (e.g. 53/udp and 53/tcp) (permit or deny) but nothing else. SMTP traffic is not logged (to name just one).

access-list POLICY extended permit tcp object-group H_mx01 \
    object-group H_mx00 object-group tcp_smtp log errors

To silence the DNS rules I used "log disable" but they are still logged (106100-style).

access-list POLICY extended permit tcp any object-group H_dns_server \
    object-group tcp_dns log disable
access-list POLICY extended permit udp any object-group H_dns_server \
    object-group udp_dns log disable

Any ideas what I did wrong?


--
Jörg Schütter
