Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Extended ACL question / logging

hello all, I have written a firewall to deny dhcp requests from another subnet. The actual ACL is listed below...

access-list 101 deny udp any eq bootpc any log

(it's then applied to an interface)

interface FastEthernet0/0

ip address x.x.x.x

ip directed-broadcast 101

My question has to do with logging what the firewall denies? How do I see the log of the specific ACL 101. I know if I simply type in show log, it only shows me syslog messages on interfaces. How do I enable logging to a remote syslog server for the ACL specifically?

Any info. would be greatly appreciated.

Thanks,

~zo

1 REPLY

Re: Extended ACL question / logging

To send your logs to your syslog server enter the following:

service timestamps debug datetime msec localtime

service timestamps log datetime msec localtime

!

access-list 101 deny udp any eq bootpc any log

!

logging source-interface FastEthernet0/0

logging x.x.x.x

However this will send all syslogs to the server. If you only want acl 101 to be sent, the router can't do that. You will need to send all messages and have the syslog server filter based on the character string in your messages. Common syslog servers are kiwi (free), Network Intelligence (commercial), and e-Security (commercial).

Hope it helps.

Steve

147
Views
5
Helpful
1
Replies