ACI EPG Logging details

Tzy Chun Chong
Level 1

Hi ACI experts,

I would like to know whether EPG filtering logging can show the details (allowed/denied) for the src-ip and dst-ip?

I have a plan to move some servers from a conventional switch to the ACI switches for better access control. The initial plan is to utilize the EPG to allow certain IP ranges and deny all others. Then we should analyse the denied logs to verify any genuine traffic that should be allowed at a later stage.

I just want to know whether EPG logging has visibility up to this level (determining what src-ip/dst-ip is being dropped). Because I don't have ACI device access at this moment to check on these details, and not much can be found on the internet, I need some advice.

I will vote for responses. Thanks

Regards

Chong


Claudia de Luna
Spotlight

Hi Chong,

Below is an example of an ACLLOG event entry from a logged contract. You can see that the "descr" key/value pair has all the information you need.

I feed the log into a script to distill down the flows.  At the bottom you can see some summary data.

Hope this helps!

{
    "eventRecord": {
        "attributes": {
            "affected": "topology/pod-1/node-201/sys",
            "cause": "transition",
            "changeSet": "",
            "childAction": "",
            "code": "E4204936",
            "created": "2017-07-15T12:10:20.773-07:00",
            "descr": " %ACLLOG-5-ACLLOG_PKTLOG: CName: CocaCola-TN:CocaCola-VRF(VXLAN: 2752512), VlanType: FD_VLAN, Vlan-Id: 16, SMac: 0x00505695c1b3, DMac:0x0022bdf819ff, SIP: 198.18.11.40, DIP: 8.8.8.8, SPort: 42575, DPort: 53, Src Intf: port-channel2, Proto: 17, PktLen: 79 ",
            "dn": "subj-[topology/pod-1/node-201/sys]/rec-4294978845",
            "id": "4294978845",
            "ind": "special",
            "modTs": "never",
            "severity": "info",
            "status": "",
            "trig": "manual",
            "txId": "3696360",
            "user": "internal"
        }
    }
},

From Script:

**** More than 10 hits! ****
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'16', u'198.18.11.40', 0, u'198.18.15.40', 0, u'1', '') count: 619
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'16', u'198.18.11.42', 65535, u'8.8.8.8', 53, u'17', '') count: 204
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'16', u'198.18.11.40', 65535, u'8.8.8.8', 53, u'17', '') count: 330
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'20', u'198.18.15.40', 38972, u'198.18.11.40', 80, u'6', '') count: 13
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'16', u'198.18.11.40', 65535, u'198.18.15.40', 80, u'6', '') count: 84
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'20', u'198.18.15.40', 80, u'198.18.11.40', 65535, u'6', '') count: 47
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'20', u'198.18.15.40', 65535, u'8.8.8.8', 53, u'17', '') count: 268
key: (u'CocaCola-TN', u'CocaCola-VRF', u'2752512', u'20', u'198.18.15.40', 0, u'198.18.11.40', 0, u'1', '') count: 1128
Items in Temp List: 3980
Total items in imdata: 9438
Total ACL LOG lines: 3980
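
As an added example (not Claudia's script, which is not posted), here is one way to distill the "descr" field of APIC eventRecord entries into per-flow counts like the summary above. The flow key shape, the collapsing of client ports at or above 32768 to a 65535 sentinel, and the sample entries are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Field layout of the ACLLOG descr string as shown in the eventRecord above.
ACLLOG_RE = re.compile(
    r"CName: (?P<tenant>[^:]+):(?P<vrf>[^(]+)\(VXLAN: (?P<vxlan>\d+)\).*?Vlan-Id: (?P<vlan>\d+),"
    r".*?SIP: (?P<sip>[\d.]+), DIP: (?P<dip>[\d.]+), SPort: (?P<sport>\d+), DPort: (?P<dport>\d+),"
    r".*?Proto: (?P<proto>\d+)"
)
EPHEMERAL = 65535  # assumed sentinel: collapse client ephemeral ports so one service = one flow key

def norm_port(port, proto):
    """Assumption: ports >= 32768 are client ephemeral ports; ICMP (proto 1) has no ports."""
    if proto == 1:
        return 0
    return EPHEMERAL if port >= 32768 else port

def parse_acllog(descr):
    """Turn one ACLLOG descr string into a flow key, or None if it does not match the format."""
    m = ACLLOG_RE.search(descr)
    if not m:
        return None
    d = m.groupdict()
    proto = int(d["proto"])
    return (d["tenant"], d["vrf"], d["vxlan"], d["vlan"], d["sip"],
            norm_port(int(d["sport"]), proto), d["dip"], norm_port(int(d["dport"]), proto), proto)

def summarize(imdata):
    """Count flows over a list of APIC eventRecord objects; returns (Counter, number of ACLLOG lines)."""
    flows, acl_lines = Counter(), 0
    for item in imdata:
        descr = item.get("eventRecord", {}).get("attributes", {}).get("descr", "")
        key = parse_acllog(descr) if "ACLLOG_PKTLOG" in descr else None
        if key is None:
            continue  # faults, config changes etc. share the event log but are not packet logs
        flows[key] += 1
        acl_lines += 1
    return flows, acl_lines

def event(descr):
    """Constructed minimal eventRecord shaped like the entry above; only descr matters here."""
    return {"eventRecord": {"attributes": {"code": "E4204936", "descr": descr}}}

DNS = (" %ACLLOG-5-ACLLOG_PKTLOG: CName: CocaCola-TN:CocaCola-VRF(VXLAN: 2752512), VlanType: FD_VLAN, "
       "Vlan-Id: 16, SMac: 0x00505695c1b3, DMac:0x0022bdf819ff, SIP: 198.18.11.40, DIP: 8.8.8.8, "
       "SPort: {sport}, DPort: 53, Src Intf: port-channel2, Proto: 17, PktLen: 79 ")
ICMP = (DNS.replace("Vlan-Id: 16", "Vlan-Id: 20").replace("DPort: 53", "DPort: 0").replace("Proto: 17", "Proto: 1")
        .replace("SIP: 198.18.11.40, DIP: 8.8.8.8", "SIP: 198.18.15.40, DIP: 198.18.11.40"))
# Constructed input: three DNS lookups from different ephemeral ports, one ICMP packet, one unrelated event.
SAMPLE_IMDATA = [event(DNS.format(sport=p)) for p in (42575, 51002, 60111)]
SAMPLE_IMDATA += [event(ICMP.format(sport=0)), event("config change, not a packet log")]
```

Feed `summarize()` the `imdata` list returned by the APIC event query and sort the Counter by count to get the "more than N hits" view shown above.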
