Cisco Support Community

Viewing ACL logs

I have a deny any any "log" at the end of my ACL 103 inbound.

I want to view this as it says 831 matches and it would be helpful to debug a problem I have. Sh logging doesn't provide much info.


Re: Viewing ACL logs


If you have deny any any log, then when something is denied it should write a message to the log (with severity level 6). So it depends a bit on how you have logging configured. If you have enabled logging buffered to include at least severity level 6 and if the logging buffer is large enough that the logs do not roll over and overwrite entries before you look, then the messages should be in the log (assuming that they are recent enough to still be in the log and not overwritten).

When you do a show log the first several lines indicate how logging has been configured. It might be helpful if you would post the first 8 or 10 lines of output of the show log command so we can see what is set up.
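Once the severity-6 messages described above are reaching the buffer, the deny entries can be totalled per flow to see what ACL 103 is dropping. This is an added example, not part of the original thread: it assumes the standard IOS `%SEC-6-IPACCESSLOGP` / `%SEC-6-IPACCESSLOGDP` message layout, and the sample lines are constructed with documentation addresses.

```python
import re
from collections import Counter

# Constructed sample of `show logging` buffer output (not taken from the thread).
SAMPLE_LOG = """\
*Mar  1 00:12:01.003: %SEC-6-IPACCESSLOGP: list 103 denied tcp 192.0.2.10(51515) -> 198.51.100.5(23), 1 packet
*Mar  1 00:12:09.871: %SEC-6-IPACCESSLOGDP: list 103 denied icmp 203.0.113.7 -> 198.51.100.5 (8/0), 1 packet
*Mar  1 00:13:44.120: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
*Mar  1 00:17:01.455: %SEC-6-IPACCESSLOGP: list 103 denied tcp 192.0.2.10(51515) -> 198.51.100.5(23), 8 packets
*Mar  1 00:18:30.002: %SEC-6-IPACCESSLOGP: list 102 denied udp 192.0.2.44(137) -> 198.51.100.255(137), 1 packet
"""

# LOGP carries ports for TCP/UDP; LOGDP carries ICMP type/code in the same slot.
ACL_LINE = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)\s?\((?P<dport>[\d/]+)\), (?P<count>\d+) packets?"
)


def summarize_denies(log_text, acl="103"):
    """Return Counter of (proto, src, dst, dst port or ICMP type/code) -> packets."""
    flows = Counter()
    for line in log_text.splitlines():
        m = ACL_LINE.search(line)
        # Skip non-ACL messages, other access lists, and permit entries.
        if m and m["acl"] == acl and m["action"] == "denied":
            # The first hit logs "1 packet"; later summary lines for the same
            # flow report additional packets, so the counts are summed.
            flows[(m["proto"], m["src"], m["dst"], m["dport"])] += int(m["count"])
    return flows


if __name__ == "__main__":
    for (proto, src, dst, dport), pkts in summarize_denies(SAMPLE_LOG).most_common():
        print(f"{pkts:>5} pkts  {proto:<4} {src} -> {dst} ({dport})")
```

The total will only approach the ACL's match counter if the logging buffer has not wrapped since the counter was last cleared.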



Re: Viewing ACL logs


You could check the command

(config-if)#ip accounting access-violations

IP accounting records the number of bytes (IP header and data) and IP packets switched through the communication server for each source and destination pair. Only transit IP traffic is measured and only on an outbound basis; traffic generated by the communication server or terminating in the communication server is not included in the accounting statistics.

If you specify the access-violations keyword, this command provides information identifying IP traffic that fails IP access lists. Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach security. The data might also indicate that you should verify IP access list configurations.

Statistics are accurate even if IP fast switching or IP access lists are being used on the interface.

IP accounting disables autonomous switching and SSE switching on the interface.

If it helps, please rate the post.


