Extended ACL question / logging

alonzo-garza
Level 1

Hello all, I have written a firewall to deny DHCP requests from another subnet. The actual ACL is listed below:

access-list 101 deny udp any eq bootpc any log

(it's then applied to an interface)

interface FastEthernet0/0
 ip address x.x.x.x
 ip directed-broadcast 101

My question has to do with logging what the firewall denies. How do I see the log for the specific ACL 101? I know that if I simply type "show log", it only shows me syslog messages about interfaces. How do I enable logging to a remote syslog server for the ACL specifically?

Any info would be greatly appreciated.

Thanks,

~zo

1 Reply

steve.barlow
Level 7

To send your logs to your syslog server, enter the following:

service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
access-list 101 deny udp any eq bootpc any log
!
logging source-interface FastEthernet0/0
logging x.x.x.x

However, this will send all syslog messages to the server. If you only want ACL 101 to be sent, the router can't do that. You will need to send all messages and have the syslog server filter based on the character string in your messages. Common syslog servers are Kiwi (free), Network Intelligence (commercial), and e-Security (commercial).

Hope it helps.

Steve
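Added example (not code from either poster): the filtering step the reply above leaves to the syslog server, written as a small Python script. Once `logging x.x.x.x` is configured, the collector receives every message the router emits, so the ACL hits have to be picked out by their text. The sample lines below are constructed for this example; the `%SEC-6-IPACCESSLOGP` message shape (list number, action, protocol, source(port) -> destination(port), packet count) is what IOS produces for an ACL entry carrying the `log` keyword, but the hosts, sequence numbers and timestamps are made up.

```python
import re
from collections import Counter

# Constructed sample of what a syslog server would receive from the router
# once "logging x.x.x.x" is configured: every message, not just ACL hits.
# The %SEC-6-IPACCESSLOGP lines follow the IOS format for an ACL entry with
# the "log" keyword; hosts, sequence numbers and timestamps are invented.
SAMPLE_SYSLOG = """\
<190>45: *Mar  1 00:12:31.123: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
<190>46: *Mar  1 00:12:32.001: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.20.30.40(68) -> 255.255.255.255(67), 1 packet
<190>47: *Mar  1 00:15:02.778: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.10)
<190>48: *Mar  1 00:17:32.004: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.20.30.40(68) -> 255.255.255.255(67), 9 packets
<190>49: *Mar  1 00:18:10.500: %SEC-6-IPACCESSLOGP: list 102 denied tcp 198.51.100.7(51234) -> 192.0.2.5(23), 1 packet
<190>50: *Mar  1 00:19:00.000: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.20.30.41(68) -> 255.255.255.255(67), 1 packet
"""

# One ACL log message: list <acl> <permitted|denied> <proto> src(port) -> dst(port), N packet(s)
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def parse_acl_log(line):
    """Return the fields of one %SEC-6-IPACCESSLOGP message as a dict, or None
    when the line is some other syslog message (link state, config change...)."""
    m = ACL_LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def acl_hits(syslog_text, acl="101", action="denied"):
    """Keep only the messages generated by the given ACL and action.
    This is the string-based filtering the router itself does not offer."""
    hits = []
    for line in syslog_text.splitlines():
        rec = parse_acl_log(line)
        if rec and rec["acl"] == acl and rec["action"] == action:
            hits.append(rec)
    return hits


def packets_per_source(hits):
    """Sum the packet counts per source address. With the "log" keyword IOS
    logs the first matching packet immediately and then a summary line every
    five minutes, so adding the counts gives the real number of packets
    dropped per DHCP client rather than the number of log lines."""
    totals = Counter()
    for rec in hits:
        totals[rec["src"]] += rec["count"]
    return totals


if __name__ == "__main__":
    hits = acl_hits(SAMPLE_SYSLOG)
    for src, n in packets_per_source(hits).most_common():
        print(f"{src}: {n} DHCP request packet(s) denied by ACL 101")
```

The same filter can be expressed as a syslog-server rule matching the string `list 101 denied`; the script just makes the parsing explicit and shows why the packet counts in the five-minute summary lines, not the number of lines, are what to add up when sizing the problem.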
