cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1170
Views
0
Helpful
2
Replies

Viewing ACL logs

rasoftware
Level 1
Level 1

I have a deny any any "log" at the end of my ACL 103 inbound.

I want to view this as it say 831 matches and it would be helpful to debug a problem I have. Sh logging doesnt provide much info.

2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

Rob

If you have deny any any log, then when something is denied it should write a message to the log (with severity level 6). So it depends a bit on how you have logging configured. If you have enabled logging buffered to include at least severity level 6 and if the logging buffer is large enough that the logs do not roll over and overwrite entries before you look, then the messages should be in the log (assuming that they are recent enough to still be in the log and not overwritten).

When you do a show log the first several lines indicate how logging has been configured. It might be helpful if you would post the first 8 or 10 lines of output of the show log command so we can see what is set up.

HTH

Rick

HTH

Rick

vladrac-ccna
Level 5
Level 5

Hello,

You could check the command

(config-if)#ip accounting access-violation

IP accounting records the number of bytes (IP header and data) and IP packets switched through the communication server for each source and destination pair. Only transit IP traffic is measured and only on an outbound basis; traffic generated by the communication server or terminating in the communication server is not included in the accounting statistics.

If you specify the access-violations keyword, this command provides information identifying IP traffic that fails IP access lists. Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach security. The data might also indicate that you should verify IP access list configurations.

Statistics are accurate even if IP fast switching or IP access lists are being used on the interface.

IP accounting disables autonomous switching and SSE switching on the interface.

If it helps, please rate the post.

Regards,

Vlad

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: