Log

Unanswered Question
Aug 13th, 2007
User Badges:


Hi,

access-list branch-policy line 43 permit tcp 172.16.0.0 255.240.0.0 host 172.30.2.140 eq 445


This is my ACL.But i wanted to know which are all systems are connecting to 172.30.2.140.the broblem is if the source systems are connecting always to 172.30.2.140 means i could find trou sh conn command rite, But they are connecting occasionally.hence i m getting hit counts in that particular ACL.So could please share with me, How could i find the Connecting source ip address.Please help me..Thanks in advance



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
rochopra Tue, 08/14/2007 - 02:17
User Badges:
  • Cisco Employee,

enable syslogging for the traffic and log all the traffic matching that ACL to syslog server.


~Rohit

sureshkum Tue, 08/14/2007 - 02:20
User Badges:

Hi,


Thanks a lot for ur response.I have added already.But unable to find any entry related to 445 port for that corresponding source and destination.I m getting only denied logs.but it should come under permit log i think so.my syslog trap level is notification.What i have to do further?.Please..Acl in given below


access-list branch-policy line 43 permit tcp 172.16.0.0 255.240.0.0 host 172.30.2.140 eq 445 log 6 interval 300 (hitcnt=106)





sureshkum Wed, 08/15/2007 - 23:38
User Badges:

Hi,


sorry for delay reply.


No.Its coming through leased line..

Richard Burts Thu, 08/16/2007 - 06:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

sureshkumar


from your previous post: my syslog trap level is notification. I believe that the logging level for access lists is informational. Change the trap level to informational and let us know what happens.


HTH


Rick

sureshkum Thu, 08/16/2007 - 23:24
User Badges:

hi rick,



thanks a lot..Found the logs..thanks a log

sureshkum Thu, 08/16/2007 - 23:30
User Badges:

Rick i have a query,


Is syslog will generate only deny logs bydefault?..In order to receive all type of(what ever the connections establishing and denied logs also) what are the config setting we have to do in Pix?..

Jon Marshall Fri, 08/17/2007 - 00:41
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Sureshkumar


I have already answered this question in VPN security forum for you. You need to set your syslog trap level to informational.


If you leave your trap level as notification you will not see the permits.


HTH


Jon

sureshkum Fri, 08/17/2007 - 01:26
User Badges:

Sorry jon, that day i thought wrongly that my logging level is informational.Today i justifyed.

i have one more query in above post.kndly reply me




Richard Burts Fri, 08/17/2007 - 02:36
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Sureshkumar


I believe that your question is: Is syslog will generate only deny logs by default?

The answer to that is no it is not default to generate logs only for deny. It will generate logs for any ACL statement that includes the log keyword. So if you have permit statements including the log keyword then you should see the permitted packets in your log messages.


HTH


Rick

Actions

This Discussion