07-18-2017 07:41 PM - edited 03-01-2019 05:17 AM
Hi ACI experts,
I would like to know whether EPG filtering logging can show the details (allowed/denied) for the src-ip and dst-ip?
I plan to move some servers from a conventional switch to the ACI switches for better access control. The initial plan is to utilize the EPG to allow a certain IP range and deny all others. Then we should analyse the denied logs to verify any genuine traffic that should be allowed at a later stage.
I just want to know whether EPG logging has visibility up to this level (determining which src-ip/dst-ip is being dropped)? Because I don't have ACI device access at the moment to check these details, and not many resources can be found on the internet, I need some advice.
I will vote for a response. Thanks
Regards
Chong
07-19-2017 06:13 AM
Hi Chong,
Below is an example of an ACLLOG event entry from a logged contract. You can see that the "descr" key/value pair has all the information you need.
I feed the log into a script to distill down the flows. At the bottom you can see some summary data.
Hope this helps!
"eventRecord": {
"attributes": {
"affected": "topology/pod-1/node-201/sys",
"cause": "transition",
"changeSet": "",
"childAction": "",
"code": "E4204936",
"created": "2017-07-15T12:10:20.773-07:00",
"descr": " %ACLLOG-5-ACLLOG_PKTLOG: CName: CocaCola-TN:CocaCola-VRF(VXLAN: 2752512), VlanType: FD_VLAN, Vlan-Id: 16, SMac: 0x00505695c1b3, DMac:0x0022bdf819ff, SIP: 198.18.11.40, DIP: 8.8.8.8, SPort: 42575, DPort: 53, Src Intf: port-channel2, Proto: 17, PktLen: 79 ",
"dn": "subj-[topology/pod-1/node-201/sys]/rec-4294978845",
"id": "4294978845",
"ind": "special",
"modTs": "never",
"severity": "info",
"status": "",
"trig": "manual",
"txId": "3696360",
"user": "internal"
}
}
},
From Script:
**** More than 10 hits! ****
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'16', u'198.18.11.40', 0, u'198.18.15.40', 0, u'1', '') count: 619
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'16', u'198.18.11.42', 65535, u'8.8.8.8', 53, u'17', '') count: 204
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'16', u'198.18.11.40', 65535, u'8.8.8.8', 53, u'17', '') count: 330
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'20', u'198.18.15.40', 38972, u'198.18.11.40', 80, u'6', '') count: 13
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'16', u'198.18.11.40', 65535, u'198.18.15.40', 80, u'6', '') count: 84
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'20', u'198.18.15.40', 80, u'198.18.11.40', 65535, u'6', '') count: 47
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'20', u'198.18.15.40', 65535, u'8.8.8.8', 53, u'17', '') count: 268
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'20', u'198.18.15.40', 0, u'198.18.11.40', 0, u'1', '') count: 1128
Items in Temp List: 3980
Total items in imdata: 9438
Total ACL LOG lines: 3980
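An added example, not the poster's script: one way to distill ACLLOG `descr` strings like the one in the reply above into per-flow hit counts. The function names, the `"eph"` marker and the 32768 port threshold are assumptions of this sketch, and the sample events are constructed from the record shown in the post.

```python
import re
from collections import Counter

# Field layout copied from the "descr" value in the event record above.
ACLLOG_RE = re.compile(
    r"%ACLLOG-5-ACLLOG_PKTLOG: CName: (?P<tenant>[^:]+):(?P<vrf>[^(]+)"
    r"\(VXLAN: (?P<vxlan>\d+)\), VlanType: \w+, Vlan-Id: (?P<vlan>\d+), "
    r"SMac: \w+, DMac:\s*\w+, SIP: (?P<sip>[\d.]+), DIP: (?P<dip>[\d.]+), "
    r"SPort: (?P<sport>\d+), DPort: (?P<dport>\d+), "
    r"Src Intf: \S+, Proto: (?P<proto>\d+)"
)

def flow_key(descr, ephemeral_from=32768):
    """Return a flow tuple for one ACLLOG descr string, or None if it is not one."""
    m = ACLLOG_RE.search(descr)
    if not m:
        return None
    # Assumption of this example: ports at or above ephemeral_from are folded
    # to "eph" so repeated client connections collapse into one key.
    def fold(port):
        return "eph" if int(port) >= ephemeral_from else int(port)
    return (m["tenant"], m["vrf"], m["vxlan"], m["vlan"],
            m["sip"], fold(m["sport"]), m["dip"], fold(m["dport"]), m["proto"])

def summarize(imdata):
    """Count ACLLOG flows in an imdata list; non-ACLLOG events are skipped."""
    counts = Counter()
    for item in imdata:
        descr = item.get("eventRecord", {}).get("attributes", {}).get("descr", "")
        key = flow_key(descr)
        if key:
            counts[key] += 1
    return counts

# Constructed sample input, modelled on the record shown in the post.
def _event(sip, dip, sport, dport, proto):
    return {"eventRecord": {"attributes": {"descr": (
        " %ACLLOG-5-ACLLOG_PKTLOG: CName: CocaCola-TN:CocaCola-VRF(VXLAN: 2752512), "
        "VlanType: FD_VLAN, Vlan-Id: 16, SMac: 0x00505695c1b3, DMac:0x0022bdf819ff, "
        f"SIP: {sip}, DIP: {dip}, SPort: {sport}, DPort: {dport}, "
        f"Src Intf: port-channel2, Proto: {proto}, PktLen: 79 ")}}}

SAMPLE = [
    _event("198.18.11.40", "8.8.8.8", 42575, 53, 17),
    _event("198.18.11.40", "8.8.8.8", 50112, 53, 17),
    _event("198.18.11.40", "198.18.15.40", 0, 0, 1),
    {"eventRecord": {"attributes": {"descr": "unrelated event"}}},
]
```

Calling `summarize(SAMPLE).most_common()` lists the flows by hit count, which is the view needed to decide which logged traffic deserves its own contract rule.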