Log Rule Activity

The activity resulting from a network policy rule is not logged by default. You can activate logging for individual rules.

Procedure

Step 1

Select Policies > ASA Policies.

Step 2

Select the network policy with the rule you want to activate.

Step 3

In the details pane, click Edit Policy.

Step 4

Select the rule you want to log activity for.

Step 5

Click the slider to activate logging.

Step 6

Click Edit.

Step 7

Select the logging level and the frequency at which activity from that rule is collected. The following table lists the syslog message severity levels.

Severity Level

Description

emergencies

System is unusable.

alert

Immediate action is needed.

critical

Critical conditions.

error

Error conditions.

warning

Warning conditions.

notification

Normal but significant conditions.

informational

Informational messages only.

debugging

Debugging messages only.

Note

ASA does not generate syslog messages with a severity level of zero (emergencies).

Step 8

You can also change the logging interval. The logging interval shows the number of times the log was hit during the interval. The logging interval is defined in seconds, from 1 to 600. The default is 300. This value is also used as the timeout value for deleting an inactive flow from the cache used to collect drop statistics.

Step 9

Click Save. Defense Orchestrator identifies which device is affected by the change.

Step 10

Review and deploy the changes you made now, or wait and deploy multiple changes at once.