logging on ACLs - problem with deny ACEs

johanhofmans
Level 1

I discovered that recently our FWSM does not want to log deny-flows any more.

Whenever I want a certain ACE to be logged, I enable the logging with the alert level - and it gets Syslogged.

Configuration used:

---

BE01NF31/UNIVEG# sh run log
logging enable
logging timestamp
logging list ErLst level alerts
logging list ErLst message 106100
logging buffer-size 16384
logging trap ErLst
logging asdm ErLst
logging host FW_Ext BE01S514
logging permit-hostdown
logging class config trap warnings
logging class ip trap alerts

---

Whenever I log a 'permit' ACE, it works fine, but when I want to log a 'deny' ACE, nothing is sent to the Syslog server.

What can cause this behaviour? What can I check?

Thanks !!

1 Reply

Jennifer Halim
Cisco Employee

There is a possibility that you might be hitting the maximum number of ACL log deny-flows via syslog message# 106101:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/system/message/logmsgs.html#wp1727742

However, since you are only sending syslog message# 106100 to your syslog server, you are not seeing the other syslog messages that might give you an explanation on why you are not seeing the deny logs.

Hope that helps.
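A way to verify the reply's hypothesis from the collector side, as an added example that is not part of the thread: the script below parses FWSM-style syslog lines for the ACL log message 106100 (per-ACE hits, permitted or denied) and the alert 106101 (the ACL deny-flow cache has reached its limit), and it models which messages a `logging list` of the form posted above would forward. The syslog lines and the message wording are constructed for the example; the config parser only understands the two `logging list` forms that appear in the posted configuration (`level <keyword>` and a single `message <id>`), not ranges or `class` qualifiers.

```python
"""Added example: inspect FWSM syslog for ACL-log messages and check a
'logging list' against them.  Sample data is constructed, not from the thread."""
import re
from collections import Counter

# Cisco syslog severity keywords -> numeric level (0 is most severe).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Generic FWSM message header: %FWSM-<severity>-<msgid>: <text>
MSG_RE = re.compile(r"%FWSM-(?P<sev>\d)-(?P<id>\d{6}):\s*(?P<text>.*)")
# Body of 106100: access-list <name> permitted|denied <proto> ...
ACL_RE = re.compile(r"access-list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+)")

# Constructed subset of the posted configuration.
LOGGING_CONFIG = """\
logging enable
logging list ErLst level alerts
logging list ErLst message 106100
logging trap ErLst
"""

# Constructed syslog lines (hostname, addresses and wording are illustrative).
SAMPLE_SYSLOG = """\
<161>Jan 12 2011 10:01:02 BE01NF31 %FWSM-1-106100: access-list outside_in permitted tcp outside/10.0.0.5(40212) -> inside/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
<161>Jan 12 2011 10:01:03 BE01NF31 %FWSM-1-106100: access-list outside_in denied udp outside/10.0.0.9(5353) -> inside/192.0.2.20(5353) hit-cnt 1 first hit [0x1a2b3c4e, 0x0]
<161>Jan 12 2011 10:01:04 BE01NF31 %FWSM-1-106101: The number of ACL log deny-flows has reached limit (4096).
"""


def parse_syslog(text):
    """Return one record per recognised FWSM message: severity, id, text, and
    for 106100 the ACL name and action."""
    records = []
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if not m:
            continue
        rec = {"severity": int(m.group("sev")), "id": m.group("id"), "text": m.group("text")}
        a = ACL_RE.search(rec["text"])
        if a:
            rec.update(acl=a.group("acl"), action=a.group("action"))
        records.append(rec)
    return records


def acl_log_summary(records):
    """Count 106100 hits by action and flag whether 106101 (deny-flow cache
    full) was seen; a True flag explains missing deny logs."""
    actions = Counter(r.get("action") for r in records if r["id"] == "106100")
    limit_msgs = [r["text"] for r in records if r["id"] == "106101"]
    return {"permitted": actions["permitted"], "denied": actions["denied"],
            "deny_flow_limit_reached": bool(limit_msgs), "limit_messages": limit_msgs}


def parse_logging_list(config, name):
    """Return (numeric level, explicit message ids) for 'logging list <name>'."""
    level, ids = None, set()
    for line in config.splitlines():
        parts = line.split()
        if parts[:2] == ["logging", "list"] and len(parts) >= 5 and parts[2] == name:
            if parts[3] == "level":
                level = SEVERITY[parts[4]]
            elif parts[3] == "message":
                ids.add(parts[4])
    return level, ids


def list_forwards(level, ids, severity, msgid):
    """A list selects a message if it is listed explicitly or is at least as
    severe as the list's level (lower number = more severe)."""
    return msgid in ids or (level is not None and severity <= level)


if __name__ == "__main__":
    recs = parse_syslog(SAMPLE_SYSLOG)
    print(acl_log_summary(recs))
    lvl, explicit = parse_logging_list(LOGGING_CONFIG, "ErLst")
    for r in recs:
        print(r["id"], "forwarded" if list_forwards(lvl, explicit, r["severity"], r["id"]) else "dropped")
```

Run it over the lines the collector actually received: `deny_flow_limit_reached` being True confirms the cache-limit explanation. The list check is the second half of the diagnosis: a list with `level alerts` selects any alert-severity message, so if 106101 is still absent at the collector the remaining suspects are the other logging settings in the posted config (the `logging class ... trap` overrides and the trap host) rather than the list itself. The deny-flow cache size is tunable on the FWSM with `access-list deny-flow-max`, which is not mentioned in the thread and is noted here as an assumption about the platform.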
