Another post out of necessity: the Cisco ASA and its real-time traffic monitoring capabilities and, more importantly, how to meaningfully filter its output rather than sifting through shit-long log files. Yeah, yeah, this is very much a spin-off of the previous post, where I more or less explained how to do this on the Palo Alto.
First of all, open up ASDM and select Configuration > Firewall > Show log:
Then choose Build Filter:
You're nearly there now; see, even your little sister can do this shit.
|ASA Built Filter|
After clicking OK, make sure you hit the "filter" button, otherwise you won't get any meaningful output.
You should see something like the below, where I filtered on a certain source IP; that particular host was trying to use 188.8.131.52 on port 53 (DNS).
Beats the hell out of Wiresharking anyway.
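
The same source-IP and port filter applied offline to exported ASA syslog, as an added example that is not part of the original post. It assumes the standard 106023 and 106100 message layouts, which name source and destination explicitly; the sample lines, addresses, ACL name and the function names `parse` and `build_filter` are constructed for illustration.

```python
import ipaddress
import re

# ASA syslog IDs that state source and destination explicitly:
# 106023 = packet denied by an access-group, 106100 = logged access-list hit.
# Lines without ports (e.g. ICMP denies) or with other IDs are skipped.
PATTERNS = [
    re.compile(r"%ASA-\d-(?P<id>106023): Deny (?P<proto>\S+) "
               r"src \S+?:(?P<src>[\d.]+)/(?P<sport>\d+) "
               r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)"),
    re.compile(r"%ASA-\d-(?P<id>106100): access-list \S+ \S+ (?P<proto>\S+) "
               r"\S+?/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
               r"\S+?/(?P<dst>[\d.]+)\((?P<dport>\d+)\)"),
]

# Constructed sample lines (private/documentation addresses, made-up ACL name).
SAMPLE = [
    'Mar 03 2024 10:15:01: %ASA-4-106023: Deny udp src inside:10.1.1.20/51514 dst outside:192.0.2.53/53 by access-group "inside_in" [0x0, 0x0]',
    'Mar 03 2024 10:15:02: %ASA-6-106100: access-list inside_in permitted udp inside/10.1.1.20(51515) -> outside/192.0.2.53(53) hit-cnt 1 first hit [0x0, 0x0]',
    'Mar 03 2024 10:15:03: %ASA-6-106100: access-list inside_in permitted tcp inside/10.1.1.20(40222) -> outside/198.51.100.7(443) hit-cnt 1 first hit [0x0, 0x0]',
    'Mar 03 2024 10:15:04: %ASA-4-106023: Deny udp src inside:10.1.1.99/40001 dst outside:192.0.2.53/53 by access-group "inside_in" [0x0, 0x0]',
    'Mar 03 2024 10:15:05: %ASA-6-302016: Teardown UDP connection 4711 for outside:192.0.2.53/53 to inside:10.1.1.20/51515 duration 0:00:00 bytes 120',
]

def parse(line):
    """Return a dict of id/proto/src/sport/dst/dport, or None if unsupported."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            ev = m.groupdict()
            ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
            return ev
    return None

def build_filter(lines, src=None, dst=None, dport=None):
    """Return parsed events matching every criterion given (None = any).
    src and dst accept a single address or a CIDR block."""
    src_net = ipaddress.ip_network(src, strict=False) if src else None
    dst_net = ipaddress.ip_network(dst, strict=False) if dst else None
    hits = []
    for ev in filter(None, map(parse, lines)):
        if src_net and ipaddress.ip_address(ev["src"]) not in src_net:
            continue
        if dst_net and ipaddress.ip_address(ev["dst"]) not in dst_net:
            continue
        if dport is not None and ev["dport"] != dport:
            continue
        hits.append(ev)
    return hits
```

Calling `build_filter(SAMPLE, src="10.1.1.20", dport=53)` mirrors the source-IP plus DNS-port filter described above and returns only the two matching events for that host.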