New Member

Can I get router to log denies?

Hi,

I have a Cisco 877. I wish to log any denies to the router; is this possible?

It's logging notifications at the moment to a syslog server. I just need to log any denied attempts?

Thanks

New Member

Re: Can I get router to log denies?

Do you mean for each deny rule on your access-list?

If yes, you can use the keyword "log"

access-list 101 deny tcp 10.0.0.0 0.255.255.255 any eq ftp log

New Member

Re: Can I get router to log denies?

Right, I have managed to get this list on the terminal monitor; it's a failed SSH session:

May 20 10:39:18.322: %SEC-6-IPACCESSLOGNP: list 50 denied 0 192.168.61.77 -> 0.0.0.0, 1 packet

But my syslog server is not showing it. The syslog server is set to notification; do I need to do anything else?

Hall of Fame Super Blue

Re: Can I get router to log denies?

%SEC-6-IPACCESSLOGNP is an informational message so you need to set your syslog server to informational.

For your ref

alerts = 1

critical = 2

errors = 3

warnings = 4

notifications = 5

informational = 6

debugging = 7

Jon
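The severity check described in the reply above, as an added example that is not part of the original thread: it parses the `%FACILITY-SEVERITY-MNEMONIC` header of IOS messages and reports which ACL denies a given logging level would never send. The function names and the second sample line are constructed for illustration, and `emergencies = 0` is added to the list from the reply.

```python
import re

# Cisco IOS severity keywords. 1-7 are listed in the reply above; 0 is added here.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# IOS message header: %FACILITY-SEVERITY-MNEMONIC: text
HEADER = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
                    r"(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")
# Body of an ACL log message without ports, as in the IPACCESSLOGNP line above
ACL_BODY = re.compile(r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\S+) "
                      r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+), (?P<packets>\d+) packets?")

def parse(line):
    """Return the header fields (plus ACL fields when present), or None."""
    m = HEADER.search(line)
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    body = ACL_BODY.search(msg["text"])
    if body:
        msg.update(body.groupdict())
    return msg

def is_forwarded(msg, level):
    """A message is sent when its severity number is <= the configured level."""
    return msg["severity"] <= SEVERITY[level]

def dropped_denies(lines, level):
    """ACL deny messages that a given logging level would never send."""
    parsed = (parse(l) for l in lines)
    return [m for m in parsed
            if m and m.get("action") == "denied" and not is_forwarded(m, level)]

SAMPLE = [
    # From the thread:
    "May 20 10:39:18.322: %SEC-6-IPACCESSLOGNP: list 50 denied 0 192.168.61.77 -> 0.0.0.0, 1 packet",
    # Constructed for this example:
    "May 20 10:40:02.100: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
]

if __name__ == "__main__":
    for level in ("notifications", "informational"):
        missed = dropped_denies(SAMPLE, level)
        print(level, "->", [(m["acl"], m["src"]) for m in missed])
```
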

New Member

Re: Can I get router to log denies?

Thanks for your help. I added a deny ip any any at the bottom of one of my access lists which controls inbound access, and it's amazing how many denies pop up from external IPs on various ports like telnet, SSH, HTTP.

Do you know the command (when in console mode) to stop alerts like denies flooding in while I'm typing, and instead wait till I'm finished?

Thanks

Re: Can I get router to log denies?

You can use the logging synchronous command, which affects the display of messages to the console.

When this command is enabled, messages appear only after you press Return.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swlog.html#wp1027065

Narayan

Hall of Fame Super Blue

Re: Can I get router to log denies?

router(config)# no logging console
