| Message Code | PIX-4-106100 |
| Severity | Warning |
| Description | access-list acl_ID {permitted | denied |Test-allowed} protocol interface_name/source_address(source_port) ->interface_name/dest_address(dest_port) hit-cnt number ({first hit |number-second interval}) |
| Explanation | If you configured the log option for the access-list command, the packets matched an ACL statement. The message level depends on the level set in the access-list command (by default, the level is 6). The message indicates either the initial occurrance or the total number of occurrances
during an interval. This message provides more information than message 106023, which only logs denied packets, and does not include the hit count or a configurable level. The following list describes the message values: • permitted | denied | est-allowed —These values specify if the packet was permitted or denied by the ACL. If the value is est-allowed, the packet was denied by the ACL but was allowed for an already established session (for example, an internal user is allowed to accesss the Internet, and responding packets that would normally be denied by the ACL are accepted). • protocol—TCP, UDP, ICMP, or an IP protocol number. • interface_name—The interface name for the source or destination of the logged flow. The VLAN interfaces are supported. • source_address—The source IP address of the logged flow. • dest_address—The destination IP address of the logged flow. • source_port—The source port of the logged flow (TCP or UDP). For ICMP, this field is 0. • dest_port—The destination port of the logged flow (TCP or UDP). For ICMP, this field is icmp-type. • hit-cnt number—The number of times this flow was permitted or denied by this ACL entry in the configured time interval. The value is 1 when the Cisco ASA generates the first system log message for this flow. • first hit—The first message generated for this flow. • number-second interval—The interval in which the hit count is accumulated. Set this interval using the access-list command with interval option. |
| User Action | None required. |
| Reference Links |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.