Cisco Support Community

Show deny ACL logs on routers configure monitor session?

Hi,

I've done this in the past, but can't get it to work this time. All I want to do is show, on the configure monitor session of a router I have a telnet session with, the denied logs as and when they happen.

On my extended access list I have added a "deny ip any any log" then added "logging buffered 8192 notifications" and "logging trap notifications"

If I do a "show ip access-list" I get:

100 deny ip any any (304 matches)

So I know it is logging them but just not showing them. Any ideas?

Thanks

3 REPLIES

Re: Show deny ACL logs on routers configure monitor session?

Andy,

You should do things as follows:

deny ip any any log

logging buffered 8192 information

Edit: You may carefully add this command, "ip access-list log-update threshold 10". It will log a message per 10 hits/packets.

HTH,

Toshi

Hall of Fame Super Silver

Re: Show deny ACL logs on routers configure monitor session?

hello Andy,

you can do the following:

sh log

sh log | inc Apr 14

or simply

terminal monitor

but you need to add the log option at the end of the ACL statement to have logging in action:

100 deny ip any any log

Hope to help

Giuseppe

Hall of Fame Super Bronze

Re: Show deny ACL logs on routers configure monitor session?

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i1.html#wp1042595

By default, the log messages are sent at the first matching packet and after that, identical messages are accumulated for 5-minute intervals, with a single message being sent with the number of packets permitted and denied during that interval. However, you can use the ip access-list log-update command to set the number of packets that, when they match an access list (and are permitted or denied), cause the system to generate a log message. You might want to do this to receive log messages more frequently than at 5-minute intervals.

HTH,

__

Edison.
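
To go with the thread as a whole, here is an added example (not code from any of the posters or from Cisco) that parses "sh log" output and totals denied packets per flow, summing the per-message packet counts that the accumulation behaviour quoted above produces. The sample lines are constructed in the usual IOS %SEC-6-IPACCESSLOG message form; the 6 in the mnemonic is the syslog severity (informational), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of "sh log" output (not taken from the thread).
SAMPLE_LOG = """\
*Apr 14 10:01:02.123: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.1.1.5(1025) -> 192.168.1.10(23), 1 packet
*Apr 14 10:01:07.480: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 10.1.1.9 -> 192.168.1.10 (8/0), 1 packet
*Apr 14 10:03:44.002: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.2)
*Apr 14 10:06:02.131: %SEC-6-IPACCESSLOGP: list 100 denied tcp 10.1.1.5(1025) -> 192.168.1.10(23), 41 packets
*Apr 14 10:06:07.495: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 10.1.1.9 -> 192.168.1.10 (8/0), 4 packets
"""

# Ports appear only for TCP/UDP; ICMP carries a trailing (type/code) instead.
ACL_LOG = re.compile(
    r"%SEC-(?P<sev>\d)-IPACCESSLOG\w*: list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<icmp>\d+/\d+)\))?, (?P<count>\d+) packets?"
)

def parse_acl_logs(text):
    """Yield one dict per ACL log message; other syslog lines are skipped."""
    for line in text.splitlines():
        m = ACL_LOG.search(line)
        if m:
            rec = m.groupdict()
            rec["sev"] = int(rec["sev"])
            rec["count"] = int(rec["count"])
            yield rec

def denied_totals(text):
    """Sum packet counts per (acl, proto, src, dst, dport) for denied flows.

    The first message for a flow reports 1 packet; later messages carry
    the count accumulated over the interval, so the counts are summed
    rather than the lines counted.
    """
    totals = Counter()
    for r in parse_acl_logs(text):
        if r["action"] == "denied":
            key = (r["acl"], r["proto"], r["src"], r["dst"], r["dport"])
            totals[key] += r["count"]
    return totals

if __name__ == "__main__":
    for flow, packets in denied_totals(SAMPLE_LOG).most_common():
        print(packets, flow)
```

The summed total is the figure to compare against the match counter that "show ip access-list" reports for the same entry.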
