Cisco Support Community
New Member

Logging denied packets without using "debug ip packet"

Hello, I am using a Cisco 1720 with IOS 12.0.5(T1) with Firewall features and I want to be able to log packets rejected by access lists, without using the command "debug ip packet 102" because that creates an unnecessary CPU load.

But by now it is the only way I have been able to log the "%SEC-6-IPACCESSLOGP" packets.

I have added "log" at the end of the "deny" statement in my access-lists but that alone did not work.

If I turn debugging off, the only syslog messages that I receive are related to Fast-Switching like this: "%IPFAST-2-PAKSTICK" and the ones related to the firewall features "%FW-3-HTTP_JAVA_BLOCK:".

Please let me know if this is possible.

Gaston Sloover.

1 REPLY
New Member

Re: Logging denied packets without using "debug ip packet"

Configure syslog and offload the log files to an external log server.
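
Once the "%SEC-6-IPACCESSLOGP" messages from the thread arrive on an external log server, they can be summarized there rather than on the router. The following is an added example, not part of the original posts: the log lines are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of what a syslog server might store (not from the thread).
# Non-ACL messages such as %FW-3-HTTP_JAVA_BLOCK are mixed in and must be skipped.
SAMPLE_LOG = """\
Mar  1 10:00:01 192.0.2.1 45: %SEC-6-IPACCESSLOGP: list 102 denied tcp 198.51.100.7(3321) -> 203.0.113.10(23), 1 packet
Mar  1 10:00:04 192.0.2.1 46: %FW-3-HTTP_JAVA_BLOCK: (message text elided)
Mar  1 10:05:01 192.0.2.1 47: %SEC-6-IPACCESSLOGP: list 102 denied tcp 198.51.100.7(3321) -> 203.0.113.10(23), 14 packets
Mar  1 10:05:09 192.0.2.1 48: %SEC-6-IPACCESSLOGP: list 102 denied udp 198.51.100.9(137) -> 203.0.113.255(137), 3 packets
Mar  1 10:06:00 192.0.2.1 49: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 192.0.2.20(1045) -> 203.0.113.80(80), 1 packet
"""

# Body of an IPACCESSLOGP message: ACL, action, protocol, src(port) -> dst(port), count.
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_acl_hits(text):
    """Yield one dict per IPACCESSLOGP line; all other messages are ignored."""
    for line in text.splitlines():
        m = ACL_RE.search(line)
        if m:
            hit = m.groupdict()
            for key in ("sport", "dport", "count"):
                hit[key] = int(hit[key])
            yield hit


def denied_by_flow(text, acl=None):
    """Sum denied packets per (src, dst, proto, dport), optionally for one ACL.

    The router logs the first match and then periodic summary lines, so the
    per-line packet counts are added up rather than counting lines.
    """
    totals = Counter()
    for hit in parse_acl_hits(text):
        if hit["action"] == "denied" and acl in (None, hit["acl"]):
            totals[(hit["src"], hit["dst"], hit["proto"], hit["dport"])] += hit["count"]
    return totals


if __name__ == "__main__":
    for flow, packets in denied_by_flow(SAMPLE_LOG, acl="102").most_common():
        print(packets, *flow)
```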
