04-14-2009 05:16 AM - edited 03-06-2019 05:09 AM
hi,
I've done this in the past, but can't get it to work this time. All I want to do is show, on the configured monitor session of a router I have a telnet session with, the denied logs as and when they happen.
On my extended access list I have added a "deny ip any any log" then added "logging buffered 8192 notifications" and "logging trap notifications"
If I do a "show ip access-list" I get:
100 deny ip any any (304 matches)
So I know it is logging them but just not showing them, any ideas?
Thanks
04-14-2009 05:29 AM
Andy,
You should do things as follows:
deny ip any any log
logging buffered 8192 information
Edit: You may carefully add this command, "ip access-list log-update threshold 10". It will log a message per 10 hits/packets.
HTH,
Toshi
04-14-2009 05:30 AM
hello Andy,
you can do the following:
sh log
sh log | inc Apr 14
or simply
terminal monitor
but you need to add the log option at the end of the ACL statement to have logging in action:
100 deny ip any any log
Hope to help
Giuseppe
04-14-2009 07:00 AM
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i1.html#wp1042595
By default, the log messages are sent at the first matching packet and after that, identical messages are accumulated for 5-minute intervals, with a single message being sent with the number of packets permitted and denied during that interval. However, you can use the ip access-list log-update command to set the number of packets that, when they match an access list (and are permitted or denied), cause the system to generate a log message. You might want to do this to receive log messages more frequently than at 5-minute intervals.
HTH,
__
Edison.
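As an added example (not code from any of the posters), the following Python pulls the ACL deny entries out of `show log` output and totals the packet count per flow; this matters because, as Edison explains, IOS sends one message on the first match and then interval summaries carrying the accumulated count. The log lines are constructed for the example, and the message format is assumed to be IOS's %SEC-6-IPACCESSLOG* syntax.

```python
import re
from collections import defaultdict

# Constructed sample `show log` output (not from the thread). The message
# format assumed here is IOS's %SEC-6-IPACCESSLOGP / IPACCESSLOGDP / IPACCESSLOGNP.
SAMPLE_LOG = """\
*Apr 14 05:10:01.123: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(43122) -> 198.51.100.5(23), 1 packet
*Apr 14 05:15:02.456: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(43122) -> 198.51.100.5(23), 9 packets
*Apr 14 05:15:03.789: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.0.2.77 -> 198.51.100.5 (8/0), 3 packets
*Apr 14 05:16:00.000: %SEC-6-IPACCESSLOGP: list 100 permitted udp 192.0.2.20(53) -> 198.51.100.5(5353), 1 packet
*Apr 14 05:17:00.000: %SEC-6-IPACCESSLOGNP: list 100 denied 47 192.0.2.30 -> 198.51.100.9, 2 packets
"""

# Ports are optional (ICMP and non-TCP/UDP protocols carry none); the ICMP
# type/code suffix is skipped by the lazy ".*?" before the packet count.
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w+: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?.*?, (?P<count>\d+) packets?"
)

def parse_acl_log(text):
    """Return a list of dicts, one per line that is an ACL log message."""
    entries = []
    for line in text.splitlines():
        m = ACL_LOG_RE.search(line)
        if not m:
            continue  # other syslog noise, not an ACL hit
        d = m.groupdict()
        d["count"] = int(d["count"])
        entries.append(d)
    return entries

def denied_totals(entries):
    """Sum packet counts per (acl, proto, src, dst) for denied entries only.
    Adding the first-hit message and the later interval summaries gives the
    total packets seen for each flow."""
    totals = defaultdict(int)
    for e in entries:
        if e["action"] != "denied":
            continue
        totals[(e["acl"], e["proto"], e["src"], e["dst"])] += e["count"]
    return dict(totals)

if __name__ == "__main__":
    totals = denied_totals(parse_acl_log(SAMPLE_LOG))
    for (acl, proto, src, dst), n in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"list {acl} {proto:5} {src} -> {dst}: {n} packets")
```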