Tuesday, February 9, 2021

Explain ASA Syslog Syntax

Hello,

Was hoping someone could assist me with a breakdown of the following syslog event line coming from my ASA:

%ASA-0-106100: access-list Global denied tcp L2_***/*.*.*.*(502) -> L2_**/*.*.*.*(63374) hit-cnt 30 300-second interval [0x905fd385, 0x00000000]

I filtered out my IPs for privacy but am just looking for an explanation, especially of what is in bold. Also, this is saying something was blocked from port 502 to port 63374, correct? Where is the rule reference that is actually blocking? And again, an explanation of what is in bold... is this block because of a certain amount of hits in a time interval?

Thanks!
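
As an added example (not part of the original post), the following Python sketch splits a 106100 message into its documented fields, using the line quoted above plus one constructed "first hit" sample. The function and field names are assumptions chosen for illustration.

```python
import re

# Layout of message 106100 as Cisco documents it:
#   access-list <acl> <action> <proto> <if>/<src>(<port>) -> <if>/<dst>(<port>)
#   hit-cnt <n> <first hit | N-second interval> [<hash>, <hash>]
PATTERN = re.compile(
    r"%ASA-(?P<severity>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<protocol>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[^(\s]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[^(\s]+)\((?P<dst_port>\d+)\) "
    r"hit-cnt (?P<hit_cnt>\d+) "
    r"(?:first hit|(?P<interval>\d+)-second interval)"
    r"(?: \[(?P<hash1>0x[0-9a-fA-F]+), (?P<hash2>0x[0-9a-fA-F]+)\])?"
)

def parse_106100(line):
    """Return the fields of a 106100 message as a dict, or None if no match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    f = m.groupdict()
    for key in ("severity", "src_port", "dst_port", "hit_cnt"):
        f[key] = int(f[key])
    # hit_cnt is how many times this flow matched the ACL entry during the
    # interval; it is a reporting aggregate, and is 1 on the "first hit" form.
    interval = f.pop("interval")
    f["interval_s"] = int(interval) if interval else None
    f["first_hit"] = interval is None
    return f

# The line from the post (interfaces and addresses masked by the poster).
POST_LINE = (
    "%ASA-0-106100: access-list Global denied tcp L2_***/*.*.*.*(502) -> "
    "L2_**/*.*.*.*(63374) hit-cnt 30 300-second interval "
    "[0x905fd385, 0x00000000]"
)
# Constructed sample of the "first hit" form; addresses are documentation ranges.
FIRST_HIT_LINE = (
    "%ASA-6-106100: access-list outside_in permitted tcp "
    "outside/198.51.100.7(51514) -> inside/192.0.2.10(443) "
    "hit-cnt 1 first hit [0x1a2b3c4d, 0x00000000]"
)

if __name__ == "__main__":
    for sample in (POST_LINE, FIRST_HIT_LINE):
        print(parse_106100(sample))
```

The hash codes in brackets are also printed per entry by `show access-list`, which is how a logged line is tied back to the specific access-list entry that matched.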
