Default settings, Configuring access list logging – Cisco ASA 5505 User Manual

20-3

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 20 Configuring Logging for Access Lists

Configuring Logging for Access Lists

Firewall Mode Guidelines

Supported only in routed and transparent firewall modes.

IPv6 Guidelines

Supports IPv6.

Additional Guidelines and Limitations

ACE logging generates syslog message 106023 for denied packets. A deny ACE must be present to log
denied packets.

Default Settings

Table 20-1

lists the default settings for extended access list parameters.

Configuring Access List Logging

This sections describes how to configure access list logging.

Note

For complete access list command syntax, see the

“Configuring Extended Access Lists” section on

page 15-2

and the

“Using Webtype Access Lists” section on page 18-2

.

Table 20-1

Default Extended Access List Parameters

Parameters

Default

log

When the log keyword is specified, the default
level for syslog message 106100 is 6
(informational), and the default interval is 300
seconds.