Home > Articles > Cisco Certification > CCNP Security / CCSP > CCNP Security Firewall Cert Guide: Recording ASA Activity

CCNP Security Firewall Cert Guide: Recording ASA Activity

Chapter Description

To help you prepare for the CCNP Security Firewall 642-617 exam, this chapter covers System Time, Managing Event and Session Logging, Configuring Event and Session Logging, Verifying Event and Session Logging, and Troubleshooting Event and Session Logging.

Exam Preparation Tasks

As mentioned in the section "How to Use This Book" in the Introduction, you have a couple of choices for exam preparation: the exercises here, Chapter 16, "Final Preparation," and the exam simulation questions on the CD-ROM.

Review All Key Topics

Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 6-3 lists a reference of these key topics and the page numbers on which each is found.


Table 6-3. Key Topics for Chapter 6

Key Topic Element


Page Number


Describes the NTP preference hierarchy



Explains how to configure NTP authentication



Explains logging message format, including options


Table 6-2

Lists and defines message severity levels


Paragraph/Figure 6-6

Demonstrates how to enable logging time stamps



Explains use of the ASDM Real-Time Log Viewer



Explains use of TCP-based syslog servers


Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. It is not necessary to memorize the complete syntax of every command, but you should be able to remember the basic keywords that are needed.

To test your memory of the commands, cover the right side of Tables 6-4 and 6-5 with a piece of paper, read the description on the left side, and then see how much of the command you can remember.

Table 6-4. ASA Time-Related Commands


Command Syntax

Set system time

ciscoasa# clock set hh:mm:ss {month day | day month} year

Set system time zone

ciscoasa(config)# clock timezone zone [-]hours [minutes]

Set Daylight Saving Time parameters

ciscoasa(config)# clock summer-time zone recurring [week weekday month hh:mm week weekday month hh:mm] [offset]


ciscoasa(config)# clock summer-time zone date {day month | month day} year hh:mm {day month | month day} year hh:mm [offset]

Configure an NTP server

ciscoasa(config)# ntp server ip_address [key key_id] [source interface_name] [prefer]

Enable NTP authentication

ciscoasa(config)# ntp authenticate

Set a key to authenticate with an NTP server

ciscoasa(config)# ntp authentication-key key_id md5 key

Specify that a key is trusted (required for NTP authentication)

ciscoasa(config)# ntp trusted-key key_id

Display system time

ciscoasa# show clock [detail]

Display NTP associations

ciscoasa# show ntp associations [detail]

Table 6-5. ASA Logging Configuration Commands


Command Syntax

Globally enable logging

ciscoasa(config)# logging enable

Configure save of buffered log to an FTP server before wrapping, and define an FTP server

ciscoasa(config)# logging ftp-bufferwrap

ciscoasa(config)# logging ftp-server ftp_server path username [0 | 8] password

Include a time stamp on logged messages

ciscoasa(config)# logging timestamp

Include a device identifier on logged messages

ciscoasa(config)# logging device-id {context-name | hostname | ipaddress interface_name | string text}

Disable a system message

ciscoasa(config)# no logging message syslog_id

Change the severity level of a system message

ciscoasa(config)# logging message syslog_id level level

Create a logging list to be used with other commands

ciscoasa(config)# logging list name {level level [class event_class] | message start_id[-end_id]}

Log event messages to a particular destination

ciscoasa(config)# logging [asdm | buffered | console | mail | monitor | trap] [logging_list | level]

Define a syslog server

ciscoasa(config)# logging host interface_name syslog_ip [tcp/port | udp/port] [format emblem] [secure] [permit-hostdown]

Define an SMTP server

ciscoasa(config)# smtp-server {primary_server} [backup_server]

Configure source and destination email addresses

ciscoasa(config)# logging from-address from-email-address

ciscoasa(config)# logging recipient-address address [level level]

Delay export of NetFlow flow-create events

ciscoasa(config)# flow-export delay flow-create seconds

Define a NetFlow collector

ciscoasa(config)# flow-export destination interface-name ipv4-address | hostname udp-port

Display log settings and buffered messages

ciscoasa# show logging

Display NetFlow counters

ciscoasa# show flow-export counters

Display logging queue statistics

ciscoasa# show logging queue

Adjust logging queue size

ciscoasa(config)# logging queue [size]

The FIREWALL exam focuses on practical, hands-on skills that are used by a networking professional. Therefore, you should be able to identify the commands needed to configure and test an ASA feature.