Solved: To track a UDP syslog traffic 514/udp

cindylee27 · ‎07-24-2008

Hi Experts,

I would like to track a UDP syslog traffic.

I want to do a access-list but how can I do it without applying on the serial interface?

Can I just do a ip access-list 101 xx xx

on the config mode and track from there?

Cause that access-list doesn;t seems to log the traffic. I did a test on permit any any.

Thanks in advanced.

cindy

tdrais · ‎07-25-2008

A access list must be applied to a interface. You can in general apply it to either the outbound or inbound but just keying it in does nothing.

A access list like

permit udp any any eq syslog log

permit ip any any

Should get you what you need and cause no disruption to the traffic.

There are other ways like ip accounting or nbar that can be used to do this but all will require you to make configuration changes.

milan.kulik · ‎07-24-2008

Hi,

don't forget

"Access lists that are applied to interfaces do not filter traffic that originates from that router."

So you can't log syslog traffic sent from a router by an ACL applied on an interface on the same router :-(

BR,

Milan

cindylee27 · ‎07-25-2008

well, you got me wrong Milan..

The syslog traffic is from another device which is passing thru this router..

so now i wan to make sure that the syslog traffic indeed pass thru to proof that there is syslog coming from the device.