Show deny ACL logs on routers configure monitor session?

whiteford
Level 1

hi,

I've done this in the past, but can't get it to work this time. All I want to do is show, on the configure monitor session of a router I have a telnet session with, the denied logs as and when they happen.

On my extended access list I have added a "deny ip any any log" then added "logging buffered 8192 notifications" and "logging trap notifications"

If I do a "show ip access-list" I get:

100 deny ip any any (304 matches)

So I know it is logging them but just not showing them, any ideas?

Thanks

3 Replies

Andy,

You should do things as follows:

deny ip any any log

logging buffered 8192 information

Edit: You may carefully add this command, "ip access-list log-update threshold 10". It will log a message per 10 hits/packets.

HTH,

Toshi

Giuseppe Larosa
Hall of Fame

hello Andy,

you can do the following:

sh log

sh log | inc Apr 14

or simply

terminal monitor

but you need to add the log option at the end of the ACL statement to have logging in action:

100 deny ip any any log

Hope to help

Giuseppe
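Pulling the three replies together, here is an added configuration example (not from the original thread or from Cisco's documentation) showing the pieces that have to line up for ACL deny messages to reach a vty session. The interface name and ACL number are assumptions; the severity point is the one that matters: ACL log messages are emitted as %SEC-6-IPACCESSLOGP and friends, i.e. severity 6 (informational), so a buffer or monitor level of "notifications" (severity 5) silently filters them out.

```cisco
! Added example, not the original poster's configuration.
! Assumes ACL 100 is applied inbound on GigabitEthernet0/0 (hypothetical interface).
!
! 1. The ACE itself must carry the "log" keyword; without it the counter in
!    "show ip access-list" still increments but no syslog message is generated.
access-list 100 permit tcp any host 198.51.100.5 eq 22
access-list 100 deny   ip any any log
!
interface GigabitEthernet0/0
 ip access-group 100 in
!
! 2. ACL log messages are severity 6 (informational). "notifications" is
!    severity 5 and would drop them from both the buffer and the vty session.
logging buffered 8192 informational
logging monitor informational
!
! 3. Optional: by default only the first matching packet is logged immediately and
!    later hits are summarised every 5 minutes. This emits a message every 10 matches.
ip access-list log-update threshold 10
!
! 4. Optional: ACL logging is process-switched, so cap how often messages can be
!    generated (in milliseconds) to protect the CPU during a flood of denies.
ip access-list logging interval 1000
!
! On the vty session itself (exec mode, not config mode):
!   terminal monitor
! and to read what is already in the buffer:
!   show logging | include IPACCESSLOG
```

The "terminal monitor" command only affects the current vty session and is not saved; if the messages still do not appear, check "show logging" first, because the buffered copy proves whether the router is generating them at all before you debug the session side.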

Edison Ortiz
Hall of Fame

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i1.html#wp1042595

By default, the log messages are sent at the first matching packet and after that, identical messages are accumulated for 5-minute intervals, with a single message being sent with the number of packets permitted and denied during that interval. However, you can use the ip access-list log-update command to set the number of packets that, when matching an access list (and being permitted or denied), cause the system to generate a log message. You might want to do this to receive log messages more frequently than at 5-minute intervals.

HTH,

__

Edison.
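Because of the accumulation behaviour described above, a buffer of ACL log messages is not one line per packet: the first hit produces "1 packet" and each later summary line carries the count for its interval. The following added example (written for this page, not Cisco code or the original poster's) parses the IPACCESSLOGP (TCP/UDP), IPACCESSLOGDP (ICMP) and IPACCESSLOGNP (other protocol) message formats from a "show logging" excerpt and sums the denied packet counts per flow, so the per-interval counts add back up to the totals the ACL counter shows. The log lines are constructed for the example; the message formats are the ones IOS uses for extended ACLs (standard-ACL IPACCESSLOGS lines have a different shape and are deliberately not matched here).

```python
import re
from collections import defaultdict

# Constructed 'show logging' excerpt for this example; not output from a real device.
SAMPLE_LOG = """\
*Apr 14 10:02:11.123: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(45123) -> 198.51.100.5(22), 1 packet
*Apr 14 10:02:13.456: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 192.0.2.10 -> 198.51.100.5 (8/0), 1 packet
*Apr 14 10:03:01.000: %SEC-6-IPACCESSLOGP: list 100 permitted udp 192.0.2.7(53) -> 198.51.100.9(40000), 1 packet
*Apr 14 10:07:11.789: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(45123) -> 198.51.100.5(22), 37 packets
*Apr 14 10:07:13.000: %SEC-6-IPACCESSLOGNP: list 100 denied 47 192.0.2.44 -> 198.51.100.5, 3 packets
*Apr 14 10:08:00.000: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.2)
"""

# Extended-ACL log message formats: IPACCESSLOGP (tcp/udp, ports in parentheses),
# IPACCESSLOGDP (icmp, type/code after the destination), IPACCESSLOGNP (other IP
# protocols, shown by number). The optional "(interface mac)" group after the source
# covers ACEs configured with "log-input" instead of "log".
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP|NP): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[0-9.]+)(?:\((?P<sport>\d+)\))?(?: \([^)]*\))? -> "
    r"(?P<dst>[0-9.]+)(?:\((?P<dport>\d+)\))?(?: \((?P<icmp>\d+/\d+)\))?, "
    r"(?P<count>\d+) packets?"
)


def parse_acl_log(text):
    """Return one dict per ACL log message found in a syslog/'show logging' excerpt."""
    events = []
    for line in text.splitlines():
        m = ACL_LOG_RE.search(line)
        if not m:
            continue  # not an extended-ACL log message (e.g. %SYS-5-CONFIG_I)
        events.append({
            "acl": m.group("acl"),
            "action": m.group("action"),
            "proto": m.group("proto"),
            "src": m.group("src"),
            "sport": int(m.group("sport")) if m.group("sport") else None,
            "dst": m.group("dst"),
            "dport": int(m.group("dport")) if m.group("dport") else None,
            "icmp": m.group("icmp"),
            # "1 packet" for the first hit, "N packets" for each 5-minute (or
            # log-update threshold) summary; summing them gives the true total.
            "packets": int(m.group("count")),
        })
    return events


def denied_totals(events):
    """Sum denied packets per (proto, src, dst, dport) across all summary messages."""
    totals = defaultdict(int)
    for e in events:
        if e["action"] == "denied":
            totals[(e["proto"], e["src"], e["dst"], e["dport"])] += e["packets"]
    return dict(totals)


if __name__ == "__main__":
    for flow, count in sorted(denied_totals(parse_acl_log(SAMPLE_LOG)).items(),
                              key=lambda kv: kv[1], reverse=True):
        proto, src, dst, dport = flow
        print(f"{count:6d}  {proto:5s} {src} -> {dst}" + (f":{dport}" if dport else ""))
```

On a real device you would feed this the output of "show logging | include IPACCESSLOG", or the syslog collector's copy of the same messages; because the router only summarises per interval, the script's totals are the number to compare with the "(N matches)" counter in "show ip access-list", not the number of log lines.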
