https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045913#M89880 <P>Hi Experts,</P><P></P><P>I would like to track a UDP syslog traffic.</P><P></P><P>I want to do a access-list but how can I do it without applying on the serial interface?</P><P></P><P>Can I just do a ip access-list 101 xx xx </P><P>on the config mode and track from there?</P><P></P><P>Cause that access-list doesn;t seems to log the traffic. I did a test on permit any any.</P><P></P><P>Thanks in advanced.</P><P></P><P>cindy</P><P></P> Mon, 04 Mar 2019 06:53:43 GMT cindylee27 2019-03-04T06:53:43Z https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045913#M89880 <P>Hi Experts,</P><P></P><P>I would like to track a UDP syslog traffic.</P><P></P><P>I want to do a access-list but how can I do it without applying on the serial interface?</P><P></P><P>Can I just do a ip access-list 101 xx xx </P><P>on the config mode and track from there?</P><P></P><P>Cause that access-list doesn;t seems to log the traffic. I did a test on permit any any.</P><P></P><P>Thanks in advanced.</P><P></P><P>cindy</P><P></P> Mon, 04 Mar 2019 06:53:43 GMT https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045913#M89880 cindylee27 2019-03-04T06:53:43Z https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045914#M89881 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>don't forget</P><P>"Access lists that are applied to interfaces do not filter traffic that originates from that router."</P><P>see <A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html" target="_blank">http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfacls.html</A></P><P></P><P>So you can't log syslog traffic sent from a router by an ACL applied on an interface on the same router <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P></P><P>BR,</P><P>Milan</P></BODY></HTML> Fri, 25 Jul 2008 05:49:40 GMT https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045914#M89881 milan.kulik 2008-07-25T05:49:40Z https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045915#M89882 <HTML><HEAD></HEAD><BODY><P>well, you got me wrong Milan..</P><P></P><P>The syslog traffic is from another device which is passing thru this router..</P><P></P><P>so now i wan to make sure that the syslog traffic indeed pass thru to proof that there is syslog coming from the device.</P><P></P><P>Thanks again.</P><P></P><P></P></BODY></HTML> Fri, 25 Jul 2008 07:25:35 GMT https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045915#M89882 cindylee27 2008-07-25T07:25:35Z https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045916#M89883 <HTML><HEAD></HEAD><BODY><P>A access list must be applied to a interface. You can in general apply it to either the outbound or inbound but just keying it in does nothing.</P><P></P><P>A access list like</P><P></P><P>permit udp any any eq syslog log</P><P>permit ip any any </P><P></P><P>Should get you what you need and cause no disruption to the traffic.</P><P></P><P>There are other ways like ip accounting or nbar that can be used to do this but all will require you to make configuration changes.</P><P></P><P></P><P></P></BODY></HTML> Fri, 25 Jul 2008 13:53:05 GMT https://community.cisco.com/t5/routing-and-sd-wan/to-track-a-udp-syslog-traffic-514-udp/m-p/1045916#M89883 tdrais 2008-07-25T13:53:05Z