Re: N7k: ACL log

uhaskamp · ‎01-19-2011

Hello together,

we try to log hits to ACL entries to a syslog server.

We have an access list which blocks HSRP packets. We seen them in 'show logg ip access-list cache'

show logging ip access-list cache

Source IP        Destination IP     S-Port D-Port    Interface   Protocol          Hits
----------------------------------------------------------------------------------------
10.131.100.4     10.151.89.200      59275   2256      port-channel2 (17)UDP            5
10.131.100.5     10.151.89.200      49899   2256      port-channel1 (17)UDP            5
10.131.100.3     224.0.0.102        1985    1985      port-channel1 (17)UDP            160

But we don't see this HSRP entry in the syslog server. The other two entries are visible in the syslog server.

Is there a difference between "normal" data plane traffic and traffic for the control plane for the logging point of view?

And is there a way to make also the control packets visible

Thanks,

Udo

Robert Taylor · ‎01-27-2011

Hi Udo,

What version of code are you using. Also, can you tell me in what direction are you blocking hsrp? for the other two lines that are working, are you blocking those entries or are you permitting with the log statement included, and is that acl ingress or egress?

Maybe including the two acl's used, and the interface for which these acls were configured, we can take a look in more detail.

uhaskamp · ‎01-30-2011

Hi Robert,

thanks for your answer.

So, it is little strange.

We had configured ACL logging again from scratch and use an other syslog server and now it seems to be working.

We see all entries in the syslog that we see in the acl log cache.

I don't really know what the problem was.

Best regards,

Udo