I want to be able to briefly log deny message going via a router through access list.
I have done this before and now have forgotten
Is it access list 10 deny any any log?
I just need to be sure? I need to see what is being denied.
I understood you as meaning you wanted to log deny messages from an access-list you have applied in a router? Is that correct? If you already have an access-list 10 which is applied to interface, adding the above command to the end of acl will log all of the denies. If you add an access-list 10 and apply it to an interface, it will deny all traffic.