Solved: Syslog setup on IOS

Dustin Barnett · ‎10-31-2011

Hi,

I'm trying to setup a syslog to log access/deny events for a specific IP address. I'm pretty sure I'm setting up the filter wrong, could someone help with an example?

Thanks

cadet alain · ‎10-31-2011

Hi,

then if you haven't got the keyword log at the end of the ACE in the ACL you will have no logging message to send to syslog server.

The only other way to see if this is ACL is hit is to clear access-list counter and then look at the hit count if you know how many packets this connection is sending or you could also sniff traffic and if you see icmp unreachables for administratively prohibited then you know an ACL blocked it provided you didn't disable ip unreachables on the interface.

Regards.

Alain

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎10-31-2011

Hi,

you mean you configure an ACL denying access to a specific IP or from a specific IP?

Then just add the keyword log at the end of the ACE and configure your syslog server IP or name with

logging

Then configure type of message to send: logging trap informational

Regards.

Alain.

Don't forget to rate helpful posts.

Dustin Barnett · ‎10-31-2011

The problem is that I think an ACL is blocking a connection, but I'm not sure which one. Since I know the originating IP I am just looking to see if the connection was denied.

cadet alain · ‎10-31-2011

Hi,

then if you haven't got the keyword log at the end of the ACE in the ACL you will have no logging message to send to syslog server.

The only other way to see if this is ACL is hit is to clear access-list counter and then look at the hit count if you know how many packets this connection is sending or you could also sniff traffic and if you see icmp unreachables for administratively prohibited then you know an ACL blocked it provided you didn't disable ip unreachables on the interface.

Regards.

Alain

Don't forget to rate helpful posts.