log

Unanswered Question
Aug 13th, 2007

Hi,

access-list branch-policy line 43 permit tcp 172.16.0.0 255.240.0.0 host 172.30.2.140 eq 445


This is my ACL.But i wanted to know which are all systems are connecting to 172.30.2.140.the broblem is if the source systems are connecting always to 172.30.2.140 means i could find trou sh conn command rite, But they are connecting occasionally.hence i m getting hit counts in that particular ACL.So could please share with me, How could i find the Connecting source ip address.Please help me..Thanks in advance

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Tue, 08/14/2007 - 01:16

Hi


You need to add the keyword "log" to the end of your access-list entry and send the logging through to a syslog server.


HTH


Jon

sureshkum Tue, 08/14/2007 - 02:03

Hi,


Thanks a lot for ur response.I have added already.But unable to find any entry related to 445 port for that corresponding source and destination.I m getting only denyed logs.but it should come under permit log i think so.my syslog trap level is notification.What i have to do further?.Please..Acl in given below


access-list branch-policy line 43 permit tcp 172.16.0.0 255.240.0.0 host 172.30.2.140 eq 445 log 6 interval 300 (hitcnt=106)


Jon Marshall Tue, 08/14/2007 - 02:40

Hi


You need your logging level to be at "informational".


Bear in mind that this will generate a lot of logs and network traffic so be careful.


HTH


Jon

sureshkum Tue, 08/14/2007 - 02:07

Hi,


Thanks a lot for ur response.I have added already.But unable to find any entry related to 445 port for that corresponding source and destination.I m getting only denyed logs.but it should come under permit log i think so.my syslog trap level is notification.What i have to do further?.Please

Actions

This Discussion