Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
661
Views
0
Helpful
1
Replies

3560 ACL logging/hit count behavior...

Sebastian Stigler
Level 1
Level 1

‎04-15-2016 05:32 AM - edited ‎03-08-2019 05:22 AM

according to https://supportforums.cisco.com/discussion/10860216/matchhit-acl-37503560 ACL hit count doesn't increasing because of fast-switching/hardware-routing and the only way to see if ACL hits is from logging with the "log" keyword. After a while there some hits on ACL entry (should be more), but not a single log entry. Official cisco configuration guide says "log" keyword on standard ACL should produce a log entry because it's processed by cpu.

1. Why logging doesn't work?

2. Only standard ACLs support logging?

3. Is there another way to check if an ACL entry match?

SW Version: 12.2(55)EX3

10 permit any log (20 matches)
20 deny   any log

Buffer logging:  level notifications, 1 messages logged, xml disabled,
                         filtering disabled

Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: file flash:test.log,
        max size 500000, min size 0,
        level debugging, 198 messages logged
Persistent logging: disabled

No active filter modules.

    Trap logging: level debugging, 204 message lines logged

Log Buffer (4096 bytes):

000197: Apr 15 11:57:18: %SYS-5-CONFIG_I: Configured from console by ciscoadmin on vty6 (10.17.36.13)

Labels:
0 Helpful
1 Reply 1

Mark Malone
VIP Alumni
VIP Alumni

‎05-04-2016 06:18 AM

Hi

Once you enable log it prevents it from being CEF fast switched , did you try alter your buffer looks like your only collecting for notifications by any chance did you try change the logging buffer to something else like logging buffer informational thought off my head that was the 1 for acl logs

(config)#logging buffered ?
  <0-7>              Logging severity level
  <4096-2147483647>  Logging buffer size
  alerts             Immediate action needed           (severity=1)
  critical           Critical conditions               (severity=2)
  debugging          Debugging messages                (severity=7)
  discriminator      Establish MD-Buffer association
  emergencies        System is unusable                (severity=0)
  errors             Error conditions                  (severity=3)
  filtered           Enable filtered logging
  informational      Informational messages            (severity=6)
  notifications      Normal but significant conditions (severity=5)
  warnings           Warning conditions                (severity=4)
  xml                Enable logging in XML to XML logging buffer
  <cr>

0 Helpful
Customers Also Viewed These Support Documents