Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
461
Views
0
Helpful
6
Replies

Can I get router to log denies?

Go to solution
whiteford
Level 1
Level 1

‎05-20-2008 12:34 AM - edited ‎03-03-2019 10:00 PM

Hi,

I have a cisco 877 I wish to log any denys to the router, is this possible.

It's logging notifications at the moment to a syslog server. I just need to log any denied attempts?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to whiteford

‎05-20-2008 03:16 AM

%SEC-6-IPACCESSLOGNP is an informational message so you need to set your syslog server to informational.

For your ref

alerts = 1

critical = 2

errors = 3

warnings = 4

notifications = 5

informational = 6

debugging = 7

Jon

View solution in original post

0 Helpful
6 Replies 6

Go to solution
muca
Level 3
Level 3

‎05-20-2008 01:01 AM

Do you mean for each deny rule on your access-list?

If yes, you can use the keyword "log"

access-list 101 deny tcp 10.0.0.0 0.255.255.255 any eq ftp log

0 Helpful

Go to solution
whiteford
Level 1
Level 1
In response to muca

‎05-20-2008 02:51 AM

Right I have managed to get this list on the termin monitor, it a failed ssh session:

May 20 10:39:18.322: %SEC-6-IPACCESSLOGNP: list 50 denied 0 192.168.61.77 -> 0.0.0.0, 1 packet

But my syslog server is not showing it. The syslog server is set to notification, do I need to do anything elase?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to whiteford

‎05-20-2008 03:16 AM

%SEC-6-IPACCESSLOGNP is an informational message so you need to set your syslog server to informational.

For your ref

alerts = 1

critical = 2

errors = 3

warnings = 4

notifications = 5

informational = 6

debugging = 7

Jon

0 Helpful

Go to solution
whiteford
Level 1
Level 1
In response to Jon Marshall

‎05-20-2008 03:27 AM

Thanks for your help, I added a deny ip any any atthe bottom of one of my access lists which controls inbound access and it's amazing how many denies pop up from external ip's on varius ports like, telnet, ssh http.

Do you know the command (when in console mode) to stop alerts like denys flood in while i'm typing and instead wait till I'm finished?

Thanks

0 Helpful

Go to solution
royalblues
Level 10
Level 10
In response to whiteford

‎05-20-2008 03:47 AM

you can use the logging synchronous command which affects the display of messages to the console.

When this command is enabled, messages appear only after you press Return

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swlog.html#wp1027065

Narayan

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to whiteford

‎05-20-2008 03:50 AM

router(config)# no logging console

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card