Viewing ACL logs

Feb 16th, 2006

I have a deny any any "log" at the end of my ACL 103 inbound.

I want to view this as it says 831 matches and it would be helpful to debug a problem I have. Sh logging doesn't provide much info.

Richard Burts Thu, 02/16/2006 - 10:00

If you have deny any any log, then when something is denied it should write a message to the log (with severity level 6). So it depends a bit on how you have logging configured. If you have enabled logging buffered to include at least severity level 6 and if the logging buffer is large enough that the logs do not roll over and overwrite entries before you look, then the messages should be in the log (assuming that they are recent enough to still be in the log and not overwritten).

When you do a show log the first several lines indicate how logging has been configured. It might be helpful if you would post the first 8 or 10 lines of output of the show log command so we can see what is set up.
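As an added example (not part of the original thread): once the severity-6 messages are in the logging buffer, a short Python script can total the denied flows from pasted show logging output. The log lines below are constructed and assume the usual %SEC-6-IPACCESSLOG* message layout; the function name summarize_denies is hypothetical.

```python
import re
from collections import Counter

# Constructed sample of buffered log lines (not taken from the thread).
SAMPLE_LOG = """\
*Feb 16 09:58:01.123: %SEC-6-IPACCESSLOGP: list 103 denied tcp 192.0.2.10(4312) -> 198.51.100.5(445), 1 packet
*Feb 16 09:58:07.456: %SEC-6-IPACCESSLOGP: list 103 denied udp 192.0.2.44(1027) -> 198.51.100.5(1434), 1 packet
*Feb 16 09:59:12.001: %SEC-6-IPACCESSLOGDP: list 103 denied icmp 192.0.2.10 -> 198.51.100.9 (8/0), 3 packets
*Feb 16 09:59:30.777: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Feb 16 10:03:01.123: %SEC-6-IPACCESSLOGP: list 103 denied tcp 192.0.2.10(4312) -> 198.51.100.5(445), 7 packets
*Feb 16 10:03:05.000: %SEC-6-IPACCESSLOGP: list 102 permitted tcp 192.0.2.77(2000) -> 198.51.100.5(80), 1 packet
"""

# Matches TCP/UDP lines (with ports), ICMP lines (with type/code) and
# other-protocol lines (neither); assumed layout of the ACL log message.
ACL_LINE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?(?: \((?P<icmp>\d+/\d+)\))?, "
    r"(?P<count>\d+) packets?"
)

def summarize_denies(log_text, acl="103"):
    """Return Counter {(proto, src, dst, dport_or_icmp): packets} for one ACL."""
    totals = Counter()
    for line in log_text.splitlines():
        m = ACL_LINE.search(line)
        # Skip unrelated syslog lines, other ACLs and permit entries.
        if not m or m["acl"] != acl or m["action"] != "denied":
            continue
        service = m["dport"] or m["icmp"] or "-"
        # Each message carries its own packet count, so sum rather than count lines.
        totals[(m["proto"], m["src"], m["dst"], service)] += int(m["count"])
    return totals

if __name__ == "__main__":
    for (proto, src, dst, svc), pkts in summarize_denies(SAMPLE_LOG).most_common():
        print(f"{pkts:5d}  {proto:4s} {src:15s} -> {dst:15s} {svc}")
```

The per-flow totals only cover what is still in the buffer, so they can be lower than the match counter shown against the ACL entry.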



vladrac-ccna Sat, 02/18/2006 - 17:15

You could check the command

(config-if)#ip accounting access-violations

IP accounting records the number of bytes (IP header and data) and IP packets switched through the communication server for each source and destination pair. Only transit IP traffic is measured and only on an outbound basis; traffic generated by the communication server or terminating in the communication server is not included in the accounting statistics.

If you specify the access-violations keyword, this command provides information identifying IP traffic that fails IP access lists. Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach security. The data might also indicate that you should verify IP access list configurations.

Statistics are accurate even if IP fast switching or IP access lists are being used on the interface.

IP accounting disables autonomous switching and SSE switching on the interface.

If it helps, please rate the post.



