20-3
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter20 Configuring Logging for Access Lists
Configuring Logging for Access Lists
Firewall Mode Guidelines
Supported only in routed and transparent firewall modes.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
ACE logging generates syslog message 106023 for denied packets. A deny ACE must be present to log
denied packets.
Default Settings
Table20-1 lists the default settings for extended access list parameters.
Configuring Access List Logging
This sections describes how to configure access list logging.
Note For complete access list command syntax, see the “Configuring Extended Access Lists” section on
page 15-2 and the “Using Webtype Access Lists” section on page18-2.
Table20-1 Default Extended Access List Parameters
Parameters Default
log When the log keyword is specified, the default
level for syslog message 106100 is 6
(informational), and the default interval is 300
seconds.