12-23-2008 08:15 AM - edited 03-06-2019 03:07 AM
Hi, On the Cisco 3845 Integrated Services Router, I have a Zone-Based Firewall set up. For testing purposes, I would like to log some "permitted" packets as well as "denied" packets that the firewall is allowing through or prohibiting from passing the firewall. I see that there is a way to log the denials, but what I do not see is a way to log permitted packets to the syslog. Obviously, I probably do not want to do this in production, but would like to see my permitted packets in the syslog for our development testing. Is there a way to do this? This option does not appear to be available in SDM. Can I do this using the CLI?
12-23-2008 11:39 AM
You can just append log at the end of each line of your access list. That should do it.
If you want to see if your ACL is getting hits, just do a "show access-list".
There you can see the hit counts.
12-23-2008 05:32 PM
I think letsgomets is correct; if you add "log" to the end of the extended access-list, it should throw to the syslog.
Shane Cauley
Cheyenne, Wyoming
02-18-2009 07:45 PM
Nope. Didn't work. I get the error...
access-list with 'log' not supported, pls remove 'log' from access-list otherwise class-map RDC_NAT will not work properly
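The error quoted in the last reply can be caught before a configuration is pushed to the router. The following is an added example, not code from any poster in this thread: a Python check that scans a saved IOS configuration for inspect class-maps that match an access list containing `log` entries. The sample configuration is constructed; only the class-map name RDC_NAT comes from the thread, and treating it as a `class-map type inspect` is an assumption.

```python
import re

# Constructed sample config. Only the name RDC_NAT appears in the thread;
# the ACL names, numbers and addresses are made up for illustration.
SAMPLE_CONFIG = """\
ip access-list extended RDC_ACL
 remark allow RDP, do not log in production
 permit tcp any host 192.0.2.10 eq 3389 log
 deny ip any any
access-list 110 permit tcp any any eq 443
access-list 120 permit udp any any eq 53 log-input
class-map type inspect match-any RDC_NAT
 match access-group name RDC_ACL
class-map type inspect match-all WEB
 match access-group 110
class-map match-any QOS_DNS
 match access-group 120
"""

def has_log(line):
    """True if an ACL entry (not a remark) carries the log or log-input keyword."""
    tokens = line.split()
    return "remark" not in tokens[:3] and any(t in ("log", "log-input") for t in tokens)

def acls_with_log(config):
    """Return the names/numbers of ACLs that have at least one logging entry."""
    flagged, current = set(), None
    for line in config.splitlines():
        named = re.match(r"ip access-list (?:extended|standard) (\S+)", line)
        numbered = re.match(r"access-list (\S+) ", line)
        if named:
            current = named.group(1)
        elif numbered:
            current = None
            if has_log(line):
                flagged.add(numbered.group(1))
        elif line.startswith(" ") and current:
            if has_log(line):
                flagged.add(current)
        else:
            current = None
    return flagged

def inspect_classmap_conflicts(config):
    """Return (class-map, ACL) pairs where an inspect class-map matches a logging ACL."""
    flagged, conflicts, current = acls_with_log(config), [], None
    for line in config.splitlines():
        if line.startswith("class-map "):
            # Only zone-based firewall (type inspect) class-maps are checked.
            current = line.split()[-1] if line.startswith("class-map type inspect ") else None
        elif not line.startswith(" "):
            current = None
        elif current:
            m = re.match(r"\s+match access-group (?:name )?(\S+)", line)
            if m and m.group(1) in flagged:
                conflicts.append((current, m.group(1)))
    return conflicts
```

On the sample configuration, `inspect_classmap_conflicts(SAMPLE_CONFIG)` reports RDC_NAT with RDC_ACL and leaves the non-inspect class-map QOS_DNS alone.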