Can I get router to log denies?

Answered Question
May 20th, 2008

Hi,


I have a Cisco 877 and I wish to log any denies to the router. Is this possible?


It's logging notifications at the moment to a syslog server. I just need to log any denied attempts?


Thanks

muca Tue, 05/20/2008 - 01:01

Do you mean for each deny rule on your access-list?

If yes, you can use the keyword "log"


access-list 101 deny tcp 10.0.0.0 0.255.255.255 any eq ftp log

whiteford Tue, 05/20/2008 - 02:51

Right, I have managed to get this list on the terminal monitor; it's a failed SSH session:


May 20 10:39:18.322: %SEC-6-IPACCESSLOGNP: list 50 denied 0 192.168.61.77 -> 0.0.0.0, 1 packet


But my syslog server is not showing it. The syslog server is set to notification; do I need to do anything else?

Correct Answer
Jon Marshall Tue, 05/20/2008 - 03:16
%SEC-6-IPACCESSLOGNP is an informational message so you need to set your syslog server to informational.


For your ref


alerts = 1

critical = 2

errors = 3

warnings = 4

notifications = 5

informational = 6

debugging = 7


Jon
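
The severity filtering described in this answer, as an added Python example that is not part of the original thread or Cisco's own code: it parses the IOS message header, applies a destination's level threshold, and tallies denied packets per source. It also handles the port-carrying %SEC-6-IPACCESSLOGP form, which goes beyond the line quoted in the thread; the second and third sample lines and all function names are constructed for illustration.

```python
import re

# Severity keywords accepted by IOS logging commands (standard syslog levels).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# IOS message header: %FACILITY-SEVERITY-MNEMONIC: text
HEADER = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")
# ACL log body; the "(port)" suffixes only appear for protocols that have ports.
ACL = re.compile(r"list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\S+) "
                 r"(?P<src>[\d.]+)(?:\(\d+\))? -> (?P<dst>[\d.]+)(?:\(\d+\))?, "
                 r"(?P<packets>\d+) packets?")

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE = [
    "May 20 10:39:18.322: %SEC-6-IPACCESSLOGNP: list 50 denied 0 192.168.61.77 -> 0.0.0.0, 1 packet",
    "May 20 10:41:02.110: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.2.3(40112) -> 192.0.2.10(21), 3 packets",
    "May 20 10:42:55.004: %SYS-5-CONFIG_I: Configured from console by console",
]

def parse(line):
    """Return header fields (plus ACL fields when present), or None."""
    m = HEADER.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    acl = ACL.match(rec["text"])
    if acl:
        rec.update(acl.groupdict(), packets=int(acl["packets"]))
    return rec

def passes(line, threshold):
    """True if a destination whose level is `threshold` would keep this line."""
    rec = parse(line)
    return rec is not None and rec["severity"] <= LEVELS[threshold]

def denied_by_source(lines, threshold):
    """Sum denied packets per source address among lines that pass `threshold`."""
    totals = {}
    for line in lines:
        rec = parse(line)
        if rec and rec.get("action") == "denied" and passes(line, threshold):
            totals[rec["src"]] = totals.get(rec["src"], 0) + rec["packets"]
    return totals

if __name__ == "__main__":
    for level in ("notifications", "informational"):
        print(level, denied_by_source(SAMPLE, level))
```

At the notifications level only the severity-5 configuration message survives, which is why the ACL denies appeared on the terminal monitor but not on the syslog server.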

whiteford Tue, 05/20/2008 - 03:27

Thanks for your help. I added a deny ip any any at the bottom of one of my access lists which controls inbound access, and it's amazing how many denies pop up from external IPs on various ports like telnet, ssh, http.


Do you know the command (when in console mode) to stop alerts like denies flooding in while I'm typing and instead wait till I'm finished?


Thanks

Jon Marshall Tue, 05/20/2008 - 03:50
router(config)# no logging console
