Cisco Support Community

Problem logging ACL deny's to buffer and syslog

I am trying to log messages that match the deny ip any any statement at the end of my access list to buffer and syslog. Neither is working on this switch, though I have gotten it to work on another switch. Am I doing something wrong or is this a bug? The relevant information:

4507, Sup V

Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I5K91S-M), Version 12.2(25)EWA5, RELEASE SOFTWARE (fc1)

interface Vlan209
 description IPT NETWORK
 ip address
 ip access-group PhonesIn in
 ip access-group PhonesOut out
 ip helper-address


Extended IP access list PhonesIn
    350 permit ip host any (74 matches)
    360 deny ip any any log (123 matches)

Extended IP access list PhonesOut
    340 permit ip any host
    350 deny ip any any log (177 matches)

Switch# show logging
Syslog logging: enabled (0 messages dropped, 129 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
    Buffer logging: level debugging, 45020 messages logged, xml disabled, filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level informational, 44129 message lines logged
        Logging to, 44129 message lines logged, xml disabled, filtering disabled


Re: Problem logging ACL deny's to buffer and syslog

The following example gives you an idea

access-list vlan30 extended permit

access-list vlan30 extended deny ip any any

deny ip any any as the implicit deny should take care of this.


Re: Problem logging ACL deny's to buffer and syslog

I am puzzled about this answer since the original post was about not getting the output to logging to syslog or logging to buffered.

The output of show log looks like things should work. It does show that logging is configured to a syslog server and it does show that logging to the buffer is enabled and that the logging level of the buffer should include the ACL deny messages.

Can the original poster clarify whether other things are logging correctly to syslog and buffer and it is only the ACL deny that is not showing up or are there issues with logging other things as well?

It might be helpful in understanding what is going on if the original poster would post the output of this command:

show run | include log
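
The level check reasoned through in the reply above, as an added example that is not part of the original thread: it parses `show logging` output and reports, per destination, whether the configured level admits ACL log messages, and pulls out the rate-limited counter. It assumes ACL log messages are emitted at severity 6 (informational); the function names are hypothetical and the sample text is the output posted in the question.

```python
import re

# IOS logging level names; a destination set to level N logs severities 0..N.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# Assumption: ACL log messages are severity 6 (informational).
ACL_LOG_SEVERITY = 6

# Sample input: the 'show logging' output posted in the thread (address elided there).
SAMPLE = """\
Syslog logging: enabled (0 messages dropped, 129 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
    Buffer logging: level debugging, 45020 messages logged, xml disabled, filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level informational, 44129 message lines logged
        Logging to, 44129 message lines logged, xml disabled, filtering disabled
"""

DEST_RE = re.compile(
    r"^\s*(Console|Monitor|Buffer|Trap) logging: (?:disabled|level (\w+))", re.M
)


def check_destinations(text, needed=ACL_LOG_SEVERITY):
    """Map each logging destination to (level_or_'disabled', admits_needed_severity)."""
    result = {}
    for match in DEST_RE.finditer(text):
        dest, level = match.group(1), match.group(2)
        if level is None:
            result[dest] = ("disabled", False)
        else:
            # Unknown level names map to -1 so they never count as admitting.
            result[dest] = (level, SEVERITY.get(level, -1) >= needed)
    return result


def rate_limited(text):
    """Return the 'messages rate-limited' counter, or 0 if the line is absent."""
    match = re.search(r"(\d+) messages rate-limited", text)
    return int(match.group(1)) if match else 0


if __name__ == "__main__":
    for dest, (level, ok) in check_destinations(SAMPLE).items():
        print(f"{dest:8} {level:14} admits severity {ACL_LOG_SEVERITY}: {ok}")
    print("rate-limited messages:", rate_limited(SAMPLE))
```

On the posted output, the buffer and trap levels both admit severity 6, which matches the reply's reading that the levels are not what is filtering the messages; the non-zero rate-limited counter is the other value this output exposes.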
