ACL logs don't appear

Unanswered Question
Oct 21st, 2007

I have an ACL which is working fine.


permit ip any host 204.73.44.226 (32 matches)

permit udp any any eq snmp (22 matches)

permit tcp any any eq 2967 log (7173566 matches)

deny ip any any (255731 matches)


When I do show logging I can see the permit logs only; I can't find any deny logs.

dominic.caron Sun, 10/21/2007 - 05:44

You don't have the command on your deny statement.


please rate helpful post



welcomeccie Sun, 10/21/2007 - 06:03

Sorry, find below the ACL.


logging monitor informational


SW4507#sh access-lists | inc deny

1060 deny ip any any log (1260 matches)

590 deny ip any any log (125 matches)

760 deny ip any any log

590 deny ip any any log (42 matches)

30 deny ip any any log

80 deny ip any any log

1650 deny ip any any log (16491945 matches)

610 deny ip any any log (1691 matches)

Extended IP access list Test

10 deny ip 10.7.92.0 0.0.0.255 10.7.6.0 0.0.0.255

30 deny ip any any log-input


SW#sh loggi

Syslog logging: enabled (0 messages dropped, 7 messages rate-limited, 0 flushes,

0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 26462 messages logged, xml disabled,

filtering disabled

Monitor logging: level informational, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 177098 messages logged, xml disabled,

filtering disabled

Exception Logging: size (8192 bytes)

Count and timestamp logging messages: disabled

Trap logging: level informational, 177102 message lines logged

Logging to 55.4.8.2, 177102 message lines logged, xml disabled,

filtering disabled

Richard Burts Wed, 10/24/2007 - 11:52

This response shows denies from multiple access lists and we have no way to know which deny goes with which access list (which deny is the one related to the original post?). It would be much better if you were to just list show access-list so that we could see the entire list and understand the context.


In looking at the original post it does suggest that there are permit lines which include the log parameter and the deny does not:

permit tcp any any eq 2967 log (7173566 matches)

deny ip any any (255731 matches)


It would really help if we could see the access list. And showing it out of the config would probably be better than out of show access-list.


HTH


Rick
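
A small audit for the condition discussed above, added here as an example that is not part of the thread: it parses show access-lists output and reports deny entries that carry neither log nor log-input, busiest first. The sample text is constructed from lines quoted in the thread; the list name EDGE-IN and its sequence numbers are assumptions.

```python
import re

# Constructed sample in the format of "show access-lists" output. The entries
# mirror lines quoted in the thread; the name EDGE-IN and its numbering are made up.
SAMPLE = """\
Extended IP access list EDGE-IN
    10 permit ip any host 204.73.44.226 (32 matches)
    20 permit udp any any eq snmp (22 matches)
    30 permit tcp any any eq 2967 log (7173566 matches)
    40 deny ip any any (255731 matches)
Extended IP access list Test
    10 deny ip 10.7.92.0 0.0.0.255 10.7.6.0 0.0.0.255
    30 deny ip any any log-input
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
ENTRY = re.compile(
    r"^\s*(?:(?P<seq>\d+)\s+)?(?P<action>permit|deny)\s+(?P<rule>.*?)"
    r"(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$"
)

def parse_acls(text):
    """Yield one dict per ACL entry, tagged with the list it belongs to."""
    acl = None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            acl = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry:
            yield {
                "acl": acl,
                "seq": int(entry.group("seq")) if entry.group("seq") else None,
                "action": entry.group("action"),
                "rule": entry.group("rule"),
                "hits": int(entry.group("hits") or 0),
                # Only entries carrying log or log-input produce log messages.
                "logged": bool({"log", "log-input"} & set(entry.group("rule").split())),
            }

def silent_denies(text):
    """Deny entries that cannot produce log messages, busiest first."""
    found = [e for e in parse_acls(text) if e["action"] == "deny" and not e["logged"]]
    return sorted(found, key=lambda e: e["hits"], reverse=True)

if __name__ == "__main__":
    for e in silent_denies(SAMPLE):
        print(f'{e["acl"]} seq {e["seq"]}: deny {e["rule"]} ({e["hits"]} matches, no log keyword)')
```

Because each finding is tagged with its list name, the output also avoids the ambiguity of filtering with | inc deny, which drops the list headers.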

amit.secure1 Fri, 10/26/2007 - 01:16

You have to configure a syslog server to receive all the logs of the PIX. You can't log everything locally (that is, on the PIX itself), because a firewall mostly generates so many logs and, due to the limited HDD space on the PIX, the PIX will stop working once the HDD is full. So enable syslog on the PIX and receive the logs on another configured server to view ALL LOGS. Please let me know if you need any further clarification.
