Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
628
Views
0
Helpful
1
Replies

ACL logging on N1KV issue

Dmitri Olchevski
Level 1
Level 1

‎01-30-2013 07:11 AM - edited ‎03-07-2019 11:24 AM

We have an ACL created and applied to a port-profile on N1KV

We are getting hits on this ACL, but the actual denies are not getting logged on VSM or our syslog server. If we check on the VEM we can see the details while the flow is active. Example:

vem ACL.jpg

Hovewer, on VSM, it shows nothing, but the hit counter increasing:

vsm ACL.jpg

VEM acllog config:

vem acllog.jpg

VSM acllog config (note, we tried to change acllog level from default 2 to 6 using "loggong level acllog 6" to no avail):

vsm acllog.jpg

What do we need to do to start logging ACL events locally and to the external syslog?

Thanks.

Labels:
0 Helpful
1 Reply 1

Nick Catenacci
Level 1
Level 1

‎05-15-2013 11:42 AM

Hello Dmitri,

The Cisco Nexus 1000v sources ACL Logs from the VEMs themselves.  Therefore, if your syslog server is, for example, Cisco LMS, it is configured to see syslogs from one IP - that of the VSM VIP for the N1KV switch. 

You will need to setup a syslog server that can view syslogs sourcing from the IPs of the VEMs, which are the IPs of your ESXi hosts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card