
Tuesday, 3 November 2015

Cisco ASA Real time log filtering


Another post out of necessity: the Cisco ASA and its real-time traffic monitoring capabilities and, more importantly, how to meaningfully filter its output rather than sifting through shit long log files. Yeah, yeah, this is very much a spin-off of the previous post, where I more or less explained how to do this on the Palo Alto.

First of all, open up ASDM and select Configuration > Firewall > Show log:




Then choose Build Filter:



You're nearly there now, see even your little sister can do this shit.

ASA Built Filter 
I think from the screenshot above you can sort of guess what to do, just bang in your filter criteria, like source, destination, port etc.

After clicking OK, make sure you hit the "Filter" button, otherwise you won't get any meaningful output.



You should then see something like below, where I filtered on a certain source IP and that particular host was trying to use 8.8.4.4 on port 53 (DNS).




Beats the hell out of wire sharking anyway.
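The same source/destination/port criteria can be applied outside ASDM to syslog text exported from the ASA. This is an added example, not part of the original post: the sample lines are constructed, and the layouts assumed for the Built (302013/302015) and Deny (106023) messages should be checked against your own logs.

```python
import re

# Constructed sample lines in ASA syslog style (assumed layout, not from the post).
SAMPLE_LOG = """\
Nov 03 2015 10:15:01: %ASA-6-302015: Built outbound UDP connection 4101 for outside:8.8.4.4/53 (8.8.4.4/53) to inside:10.1.1.50/51512 (192.0.2.10/51512)
Nov 03 2015 10:15:02: %ASA-6-302013: Built outbound TCP connection 4102 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.1.1.50/49822 (192.0.2.10/49822)
Nov 03 2015 10:15:03: %ASA-4-106023: Deny udp src inside:10.1.1.50/51513 dst outside:8.8.4.4/53 by access-group "inside_in" [0x0, 0x0]
Nov 03 2015 10:15:04: %ASA-6-302015: Built outbound UDP connection 4103 for outside:8.8.8.8/53 (8.8.8.8/53) to inside:10.1.1.77/50001 (192.0.2.10/50001)
Nov 03 2015 10:15:05: %ASA-6-302016: Teardown UDP connection 4101 for outside:8.8.4.4/53 to inside:10.1.1.50/51512 duration 0:00:00 bytes 120
"""

BUILT = re.compile(
    r"%ASA-\d-(?P<id>30201[35]): Built (?P<dir>inbound|outbound) (?P<proto>TCP|UDP) "
    r"connection \d+ for \S+?:(?P<a_ip>[\d.]+)/(?P<a_port>\d+) \([^)]*\) "
    r"to \S+?:(?P<b_ip>[\d.]+)/(?P<b_port>\d+)")
DENY = re.compile(
    r"%ASA-\d-(?P<id>106023): Deny (?P<proto>\w+) "
    r"src \S+?:(?P<src>[\d.]+)/(?P<sport>\d+) dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)")

def parse_line(line):
    """Return a dict for Built/Deny messages, or None for anything else (e.g. Teardown)."""
    m = DENY.search(line)
    if m:
        return {"id": m["id"], "action": "deny", "proto": m["proto"].lower(),
                "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}
    m = BUILT.search(line)
    if not m:
        return None
    # Assumed layout: "for" names the outside endpoint, "to" the inside one;
    # the inbound/outbound keyword says which side initiated the connection.
    if m["dir"] == "outbound":
        src, dst, dport = m["b_ip"], m["a_ip"], m["a_port"]
    else:
        src, dst, dport = m["a_ip"], m["b_ip"], m["b_port"]
    return {"id": m["id"], "action": "built", "proto": m["proto"].lower(),
            "src": src, "dst": dst, "dport": int(dport)}

def filter_log(text, **criteria):
    """Keep events matching every given criterion (src, dst, dport, proto, action)."""
    events = (parse_line(line) for line in text.splitlines())
    return [e for e in events
            if e and all(e.get(k) == v for k, v in criteria.items())]

if __name__ == "__main__":
    # Same filter as in the post: one source host talking to 8.8.4.4 on port 53.
    for event in filter_log(SAMPLE_LOG, src="10.1.1.50", dst="8.8.4.4", dport=53):
        print(event)
```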


Namaste!

1 comment:

  1. Actually, I am facing some difficulties to understand the meaning of the blog. If you have any short video film related to your blog, then I would request you to share here. It would be great help. Cisco SG220 POE
