cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
299
Views
0
Helpful
2
Replies

IDS 4.0 and router console logging

john.kingston
Level 1
Level 1

I've got my IDS setup and running, but now when it adds anything to the ACL, it adds this:

10.1.1.1 deny any log

with the log in there, it's generating a lot of spam on the console when you are trying to use the router. How do I stop this console logging?

Thanks!

John

2 Replies 2

fmeetz
Level 4
Level 4

You will find it listed in this document if it's a known issue,

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/15284_02.htm

marcabal
Cisco Employee
Cisco Employee

There is a configuration to tell the sensor whether or not to add "log" at the end of each deny line.

In 3.x it is controlled by the EnableACLLogging token in managed.conf. It can be configured through IDM:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13876_01.htm#xtocid50 step 6

If using IDS MC then you will need to reference their documentation.

In 4.x it is controlled by the "enable-acl-logging" configuration line:

sensor-3# configure terminal

sensor-3(config)# service networkaccess

sensor-3(config-NetworkAccess)# general

sensor-3(config-NetworkAccess-gen)# enable-acl-logging false

In 4.x it is not configurable in IDM, if using IDS MC you would need to reference their documenation.

In 3.x set the token to "0" to prevent the sensor from adding "log", and in 4.x set the configuration to "false".