Can I get router to log denies?

Answered Question
May 20th, 2008

Hi,

I have a Cisco 877. I wish to log any denies to the router; is this possible?

It's logging notifications at the moment to a syslog server. I just need to log any denied attempts?

Thanks

muca Tue, 05/20/2008 - 01:01

Do you mean for each deny rule on your access-list?

If yes, you can use the keyword "log"

access-list 101 deny tcp 10.0.0.0 0.255.255.255 any eq ftp log

whiteford Tue, 05/20/2008 - 02:51

Right, I have managed to get this on the terminal monitor; it's a failed SSH session:

May 20 10:39:18.322: %SEC-6-IPACCESSLOGNP: list 50 denied 0 192.168.61.77 -> 0.0.0.0, 1 packet

But my syslog server is not showing it. The syslog server is set to notification; do I need to do anything else?

Correct Answer
Jon Marshall Tue, 05/20/2008 - 03:16

%SEC-6-IPACCESSLOGNP is an informational message so you need to set your syslog server to informational.

For your ref:

alerts = 1
critical = 2
errors = 3
warnings = 4
notifications = 5
informational = 6
debugging = 7

Jon

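The two answers above come down to one rule: muca's "log" keyword makes the router emit %SEC-6-IPACCESSLOG* messages at severity 6, and Jon's table is the ordering a syslog threshold is compared against (lower number = more severe, a threshold of N admits severity <= N). The following is an added example, not code from the thread or from Cisco: it parses IOS syslog lines of the form "%FACILITY-SEVERITY-MNEMONIC: text", pulls the ACL, protocol, addresses, ports and packet count out of the deny messages, and applies the threshold the same way a collector does, so you can see whiteford's line dropped at "notifications" and kept at "informational". The first sample line is the one quoted in the thread; the other three lines, the message-body regex (built from that line and the standard IOS format, including the port and ICMP type/code variants) and all function names are assumptions for the example.

```python
"""Why a collector filtering at 'notifications' never shows ACL denies.

Added example (not from the original thread or from Cisco). Parses IOS
syslog lines '%FACILITY-SEVERITY-MNEMONIC: text' and applies the syslog
threshold rule: level N admits severity <= N, 0 = emergencies, 7 = debugging.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# IOS severity keywords; the thread's list starts at alerts = 1.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# Standard IOS header; search() because a timestamp precedes the '%'.
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)"
)

# Body of IPACCESSLOGNP / IPACCESSLOGP / IPACCESSLOGDP (assumed format): ports in
# parentheses for tcp/udp; the optional ' (...)' groups absorb the ICMP type/code
# and the interface/MAC that the 'log-input' keyword adds after the source.
ACL_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))?(?: \([^)]*\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?(?: \([^)]*\))?, "
    r"(?P<count>\d+) packets?"
)


@dataclass
class AclHit:
    acl: str
    action: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    count: int


@dataclass
class IosMessage:
    facility: str
    severity: int
    mnemonic: str
    text: str
    acl_hit: Optional[AclHit]  # filled only for ACL log messages


def parse_acl_hit(text: str) -> Optional[AclHit]:
    m = ACL_RE.match(text)
    if not m:
        return None
    return AclHit(m["acl"], m["action"], m["proto"],
                  m["src"], int(m["sport"]) if m["sport"] else None,
                  m["dst"], int(m["dport"]) if m["dport"] else None,
                  int(m["count"]))


def parse_ios_message(line: str) -> Optional[IosMessage]:
    """Return the parsed message, or None for a line without an IOS header."""
    m = MSG_RE.search(line)
    if not m:
        return None
    return IosMessage(m["facility"], int(m["severity"]), m["mnemonic"],
                      m["text"], parse_acl_hit(m["text"]))


def passes_threshold(msg: IosMessage, level: str) -> bool:
    """Lower number is more severe; a threshold keeps severity <= its level."""
    return msg.severity <= SEVERITY[level]


def filter_messages(lines: List[str], level: str) -> List[IosMessage]:
    parsed = (parse_ios_message(line) for line in lines)
    return [m for m in parsed if m is not None and passes_threshold(m, level)]


def deny_summary(lines: List[str], level: str) -> Dict[Tuple[str, str], int]:
    """Denied packets per (ACL, source) that actually reach a collector at `level`."""
    totals: Dict[Tuple[str, str], int] = {}
    for msg in filter_messages(lines, level):
        hit = msg.acl_hit
        if hit and hit.action == "denied":
            totals[(hit.acl, hit.src)] = totals.get((hit.acl, hit.src), 0) + hit.count
    return totals


# Constructed sample input. Line 1 is the one quoted in the thread; the rest
# are made up to look like what the same router would send alongside it.
SAMPLE_LOG = [
    "May 20 10:39:18.322: %SEC-6-IPACCESSLOGNP: list 50 denied 0 192.168.61.77 -> 0.0.0.0, 1 packet",
    "May 20 10:40:02.118: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.4.5.6(51234) -> 203.0.113.9(21), 3 packets",
    "May 20 10:41:00.000: %LINK-3-UPDOWN: Interface Dialer0, changed state to down",
    "May 20 10:42:10.500: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.61.5)",
]

if __name__ == "__main__":
    for level in ("notifications", "informational"):
        kept = filter_messages(SAMPLE_LOG, level)
        print(f"threshold={level}: {len(kept)} of {len(SAMPLE_LOG)} kept, "
              f"denies seen: {deny_summary(SAMPLE_LOG, level)}")
```

Run as-is and the "notifications" pass keeps only the LINK-3 and SYS-5 lines while both denies vanish; at "informational" they appear. The same comparison happens twice on the path from ACL to collector: the router's own `logging trap <level>` decides what leaves the box (so it also has to be at informational or above), and the server's filter decides what is stored. Two caveats worth keeping in mind when you start counting denies this way: the severity is a property of the message, not of how interesting the event is, so every %SEC-6 deny competes with every other level-6 message for the collector's attention; and IOS logs the first packet that matches a "log" entry and then summarises later matches at its logging interval, so the packet count is a rate hint rather than an exact tally.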
whiteford Tue, 05/20/2008 - 03:27

Thanks for your help. I added a deny ip any any at the bottom of one of my access lists which controls inbound access, and it's amazing how many denies pop up from external IPs on various ports like telnet, SSH and HTTP.

Do you know the command (when in console mode) to stop alerts like denies flooding in while I'm typing, and instead wait until I'm finished?

Thanks
