Cisco 3845 logging to syslog server

sdniel · ‎12-23-2008

Hi, On the Cisco 3845 Integrated Services Router, I have a Zoned-Based Firewall set up. For testing purposes, I would like to log some "permitted" packets as well as "denied" packets that the firewall is allowing through or prohiting from passing the firewall. I see that there is a way to log the denials, but what I do not see is a way to log permitted packets to the syslog. Obviously, I probably do not want to do this in production, but would like to see my permitted packets in the syslog for our development testing. Is there a way to do this? This option does not appear to be available in SDM, can I do this using the CLI?

letsgomets · ‎12-23-2008

You can just append log at the end of each line of your access list. That should do it.

If you want to see if you ACL is getting hits just do a "show access-list"

There you can see the hit counts

cauley.shane · ‎12-23-2008

I think letsgomets is correct, if you add "log" to the end of the extended access-list it should throw to the syslog.

Shane Cauley

Cheyenne, Wyoming

ken.chua · ‎02-18-2009

Nope. Didn't work. I get the error...

access-list with 'log' not supported, pls remove 'log' from access-list otherwise class-map RDC_NAT will not work properly