10-31-2011 12:36 PM - edited 03-07-2019 03:08 AM
Hi,
I'm trying to set up a syslog to log access/deny events for a specific IP address. I'm pretty sure I'm setting up the filter wrong. Could someone help with an example?
Thanks
10-31-2011 01:48 PM
Hi,
You mean you configure an ACL denying access to a specific IP or from a specific IP?
Then just add the keyword log at the end of the ACE and configure your syslog server IP or name with
logging
Then configure the type of message to send: logging trap informational
Regards.
Alain.
10-31-2011 01:54 PM
The problem is that I think an ACL is blocking a connection, but I'm not sure which one. Since I know the originating IP I am just looking to see if the connection was denied.
10-31-2011 02:10 PM
Hi,
Then if you haven't got the keyword log at the end of the ACE in the ACL, you will have no logging message to send to the syslog server.
The only other way to see if this ACL is hit is to clear the access-list counter and then look at the hit count, if you know how many packets this connection is sending. You could also sniff traffic: if you see ICMP unreachables for administratively prohibited, then you know an ACL blocked it, provided you didn't disable ip unreachables on the interface.
Regards.
Alain
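An added example, not part of the original thread: once the ACEs carry the log keyword and the messages reach the syslog server, a filter like this can show which ACL denied traffic from a known source IP. The %SEC-6-IPACCESSLOGP / IPACCESSLOGDP message layout, the sample lines, the addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the usual IOS %SEC-6-IPACCESSLOG* layout (assumed format).
SAMPLE_LOG = """\
Oct 31 13:50:01 192.0.2.1 45: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.1.1.25(51000) -> 10.2.2.8(443), 1 packet
Oct 31 13:50:03 192.0.2.1 46: %SEC-6-IPACCESSLOGP: list 120 permitted tcp 10.1.1.99(51001) -> 10.2.2.8(80), 1 packet
Oct 31 13:50:07 192.0.2.1 47: %SEC-6-IPACCESSLOGDP: list 110 denied icmp 10.1.1.25 -> 10.2.2.8 (8/0), 3 packets
Oct 31 13:50:09 192.0.2.1 48: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Oct 31 13:55:07 192.0.2.1 49: %SEC-6-IPACCESSLOGP: list 130 permitted udp 10.1.1.25(53000) -> 10.2.2.9(53), 2 packets
"""

# Matches TCP/UDP entries (with ports) and ICMP entries (with type/code).
ACE_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\(\d+\))? -> (?P<dst>[\d.]+)"
    r".*?(?P<count>\d+) packets?\s*$"
)


def acl_hits_for_source(log_text, src_ip):
    """Return packet totals per (ACL, action) for traffic sourced from src_ip."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ACE_LOG.search(line)
        # Exact string match on the source avoids 10.1.1.2 matching 10.1.1.25.
        if m and m.group("src") == src_ip:
            hits[(m.group("acl"), m.group("action"))] += int(m.group("count"))
    return hits


def denying_acls(log_text, src_ip):
    """Return the sorted list of ACLs that logged a deny for src_ip."""
    hits = acl_hits_for_source(log_text, src_ip)
    return sorted({acl for (acl, action) in hits if action == "denied"})


if __name__ == "__main__":
    for (acl, action), packets in sorted(acl_hits_for_source(SAMPLE_LOG, "10.1.1.25").items()):
        print(f"ACL {acl}: {action} {packets} packet(s)")
    print("Denied by:", denying_acls(SAMPLE_LOG, "10.1.1.25"))
```

An empty result only means no logged ACE matched; an ACE without the log keyword produces no message at all, as noted in the reply above.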