show the log in an ACL

Answered Question
Oct 8th, 2007

I have an ACL which is working fine.

    150 deny ip any host 204.73.44.250
    160 deny ip any host 204.73.44.226 (32 matches)
    170 permit udp any 0.0.0.0 255.255.255.0 eq snmp
    180 deny udp any any eq snmp (22 matches)
    190 deny tcp any any eq 2967 log (7173566 matches)
    200 deny tcp any any eq 6667 log
    210 deny ip any host 66.176.202.133 log
    220 deny ip any host 211.100.30.34 log
    230 deny ip any host 211.100.19.116 log
    240 permit ip any any (255731 matches)

Now what level do I set the logging trap at to get these transferred to my syslog server?

BTW, other items are being transferred, except the hits on the ACLs.

TIA, Stephen

Overall Rating: 4.8 (3 ratings)
Edison Ortiz Mon, 10/08/2007 - 14:30

You won't get all the hits individually. You will get a sum of hits within a process interval.

In other words, if you are accessing port 6667 for 2 minutes, it will accumulate that amount of hits and when the process is finished, it will transfer that information over to the syslog server with the total count.

Please see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfprt3/fcf013.htm#wp1001168

Correct Answer
Richard Burts Mon, 10/08/2007 - 14:37

Stephen

The log output from an access list is severity level 6.

HTH

Rick
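
The two answers above, combined into an added example (not code from either poster): it applies the IOS rule that `logging trap <level>` forwards only messages whose severity number is at or below that level, then totals the packet counts carried by the aggregated `%SEC-6-IPACCESSLOGP` entries. The sample lines are constructed; ACL number 110 and all addresses in them are assumptions.

```python
import re

# Severity keywords accepted by "logging trap <level>", index = severity number.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# IOS message header: %FACILITY-SEVERITY-MNEMONIC: text
MSG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mn>[A-Z0-9_]+): (?P<text>.*)")
# Body of a TCP/UDP ACL log entry, ending in the aggregated packet count.
ACL = re.compile(r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
                 r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
                 r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?")

# Constructed sample messages (not taken from the thread).
SAMPLE = [
    "%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up",
    "%SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.5)",
    "%SEC-6-IPACCESSLOGP: list 110 denied tcp 192.0.2.77(1042) -> 198.51.100.9(6667), 1 packet",
    "%SEC-6-IPACCESSLOGP: list 110 denied tcp 192.0.2.77(1042) -> 198.51.100.9(6667), 41 packets",
    "%SEC-6-IPACCESSLOGP: list 110 denied tcp 192.0.2.80(3310) -> 198.51.100.20(2967), 1 packet",
]

def forwarded(lines, trap_level):
    """Return the messages a router would send to syslog at this trap level."""
    limit = LEVELS.index(trap_level)
    kept = []
    for line in lines:
        m = MSG.search(line)
        if m and int(m["sev"]) <= limit:
            kept.append(line)
    return kept

def acl_hits(lines):
    """Sum per-entry packet counts, keyed by (ACL, action, destination port)."""
    totals = {}
    for line in lines:
        m = MSG.search(line)
        if not m or m["mn"] != "IPACCESSLOGP":
            continue
        a = ACL.search(m["text"])
        if a:
            key = (a["acl"], a["action"], int(a["dport"]))
            totals[key] = totals.get(key, 0) + int(a["count"])
    return totals

if __name__ == "__main__":
    print(len(forwarded(SAMPLE, "notifications")), "messages at trap level 5")
    print(len(forwarded(SAMPLE, "informational")), "messages at trap level 6")
    print(acl_hits(forwarded(SAMPLE, "informational")))
```

With the trap at `notifications` (5) the link and config messages still arrive but no ACL entries do, which matches the symptom in the question; at `informational` (6) the ACL entries appear, each carrying a count rather than one line per packet.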
