Show deny ACL logs on routers configure monitor session?

Apr 14th, 2009
I've done this in the past, but can't get it to work this time. All I want to do is show, on the configure monitor session of a router I have a telnet session with, the denied logs as and when they happen.

On my extended access list I have added a "deny ip any any log" then added "logging buffered 8192 notifications" and "logging trap notifications"

If I do a "show ip access-list" I get:

100 deny ip any any (304 matches)

So I know it is logging them but just not showing them, any ideas?


thotsaphon Tue, 04/14/2009 - 05:29

You should do things as follows:

deny ip any any log

logging buffered 8192 information

Edit: You may carefully add this command, "ip access-list log-update threshold 10". It will log a message per 10 hits/packets.



Giuseppe Larosa Tue, 04/14/2009 - 05:30
Hello Andy,

You can do the following:

sh log

sh log | inc Apr 14

or simply

terminal monitor

but you need to add the log option at the end of the ACL statement to have logging in action:

100 deny ip any any log

Hope to help


Edison Ortiz Tue, 04/14/2009 - 07:00

By default, the log messages are sent at the first matching packet and after that, identical messages are accumulated for 5-minute intervals, with a single message being sent with the number of packets permitted and denied during that interval. However, you can use the ip access-list log-update command to set the number of packets that, when they match an access list (and are permitted or denied), cause the system to generate a log message. You might want to do this to receive log messages more frequently than at 5-minute intervals.
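
Added example, not part of the original thread: hits on an ACL entry ending in "log" are emitted as %SEC-6-IPACCESSLOG* messages, i.e. severity 6 (informational), so a logging destination set to notifications (5) drops them, and each message carries a packet count rather than one line per packet. The Python below applies that severity filter and sums the counts per source; the function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Illustrative helper names; not from the thread or from any Cisco tooling.
# Cisco IOS logging severity keywords and numeric levels (0 is most severe).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# %SEC-6-IPACCESSLOG* messages produced by an ACL entry that ends in "log".
ACL_LOG = re.compile(
    r"%SEC-(?P<sev>\d)-IPACCESSLOG\w*: list (?P<acl>\S+) "
    r"(?P<action>denied|permitted) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\(\d+\))? -> (?P<dst>[\d.]+)(?:\(\d+\))?"
    r".*?, (?P<count>\d+) packets?")
SEVERITY = re.compile(r"%[A-Z0-9_]+-(\d)-")

def parse(line):
    """Return the fields of an ACL log message, or None for any other line."""
    m = ACL_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sev"], rec["count"] = int(rec["sev"]), int(rec["count"])
    return rec

def shown_at(line, level):
    """True if a logging destination set to `level` would keep this message."""
    m = SEVERITY.search(line)
    return m is not None and int(m.group(1)) <= LEVELS[level]

def denied_per_source(lines, level="informational"):
    """Sum denied packets per source over the messages visible at `level`."""
    totals = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] == "denied" and shown_at(line, level):
            totals[rec["src"]] += rec["count"]
    return dict(totals)

# Constructed sample: first-packet message, 5-minute summary, ICMP, non-ACL line.
SAMPLE = [
    "*Apr 14 05:31:02.123: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(40112) -> 198.51.100.5(23), 1 packet",
    "*Apr 14 05:36:02.456: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(40112) -> 198.51.100.5(23), 37 packets",
    "*Apr 14 05:36:10.001: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 203.0.113.7 -> 198.51.100.5 (8/0), 4 packets",
    "*Apr 14 05:37:00.000: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.2)",
]

if __name__ == "__main__":
    print("notifications:", denied_per_source(SAMPLE, "notifications"))
    print("informational:", denied_per_source(SAMPLE, "informational"))
```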




