It should not be difficult to configure an access list that will generate log messages for each attempt to connect from source address 1.1.1.1. But there are a few things that you need to decide about how you want the access list to work.
- the access list must permit or must deny the packet. Do you want to permit or to deny in the access list?
- clearly we need to check for attempts with SSH. But do we need to check for other protocols as well?
- you want to see attempts to access this 4500 but not attempts to access any other device. So you need to supply a list of all of the IP addresses that might be used to access this 4500. (probably the output of show ip interface brief is the place to start)
- note that adding the log parameter to an ACL entry forces matching packets to be process switched. Is the potential performance impact acceptable? (probably not a lot of impact but we will not know till we have tried it)
HTH
Rick
HTH
Rick