Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4349
Views
15
Helpful
8
Replies

ACL Log is not sending to syslog server

chong.eric
Level 1
Level 1

‎11-08-2017 10:46 AM - edited ‎02-21-2020 06:40 AM

Hi I have enabled a log on ACL as below ip access-list extend CAPTURE_BATCH_1_VLAN_103 permit tcp host 172.16.101.108 any gt 0 log permit tcp host 172.16.101.109 any gt 0 log permit ip any any when i do "show log" in the switch, I can see the ACL log in the buffered. When I check on the syslog server, there is no log for ACL, but I can see other logs in the syslog server please advise
0 Helpful
8 Replies 8

Flavio Miranda
VIP
VIP

‎11-08-2017 02:13 PM

Hi,

 

 How is logging ocnfigured on this Switch? The other logs you see on the syslog server is from this switch?

 

 

 

-If I helped you somehow, please, rate it as useful.-

chong.eric
Level 1
Level 1
In response to Flavio Miranda

‎11-08-2017 06:44 PM

Hi

logging buffered informational
logging console informational
logging monitor informational
logging source-interface Vlan1
logging 172.17.200.11
logging 172.16.1.80
logging 172.16.101.178
logging 172.16.107.21

Yes...the log i see in the syslog is from the same switch.
0 Helpful

joshua.a.tryon
Level 1
Level 1
In response to chong.eric

‎01-23-2018 08:01 AM

I'm having the same problem on a Cisco 2911 router where it's logging the ACL hits but they are not going to the syslog server.  Other log messages such as configuration changes, ssh access are going to the syslog server.  I've tried "ip access-list logging interval 1", various "logging trap" levels, but nothing works.  Thoughts?

0 Helpful

MKH
Level 1
Level 1
In response to joshua.a.tryon

‎03-28-2018 04:51 AM

Hi

I have the same problem.

Thank you.

0 Helpful

MKH
Level 1
Level 1
In response to joshua.a.tryon

‎03-28-2018 06:26 AM - edited ‎03-28-2018 06:30 AM

Hi

My problem solved. I add ip access-group in both side (in and out).

Please share your logging config if your problem haven't solved yet .

Thank you. 

MKH
Level 1
Level 1
In response to Flavio Miranda

‎03-28-2018 04:43 AM

Hi 

I have the same problem.

As you ask,other logs go to  the syslog server from this switch, but ACL log doesn't go.

Thank you.

albert_sze
Level 1
Level 1

‎11-14-2018 01:53 PM

Hello everyone, i have the same issue. Were you able to figure out why config messages are being sent but not ACL hits?

0 Helpful

MKH
Level 1
Level 1
In response to albert_sze

‎11-21-2018 08:13 AM

Hi

Because your configuration changes accrued in control plane, but your ACL traffic are in data plane.

You have to apply your ACL on interface/interfaces for out/in traffic.

Good luck.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card