Solved: Re: show the log in an ACL

jacobss914 · ‎10-08-2007

I have an ACL which is working fine.

150 deny ip any host 204.73.44.250

160 deny ip any host 204.73.44.226 (32 matches)

170 permit udp any 0.0.0.0 255.255.255.0 eq snmp

180 deny udp any any eq snmp (22 matches)

190 deny tcp any any eq 2967 log (7173566 matches)

200 deny tcp any any eq 6667 log

210 deny ip any host 66.176.202.133 log

220 deny ip any host 211.100.30.34 log

230 deny ip any host 211.100.19.116 log

240 permit ip any any (255731 matches)

Now what level do I set the logging trap at to get these transfered to my syslog server.

BTW, other items are being transfered, except the hits on the ACLs.

TIA, Stephen

Richard Burts · ‎10-08-2007

Stephen

The log output from an access list is severity level 6.

HTH

Rick

HTH

Rick

View solution in original post

Edison Ortiz · ‎10-08-2007

You won't get all the hits individually. You will get a sum of hits within a process interval.

In other words, if you are accessing port 6667 for 2 minutes, it will accumulate that amount of hits and when the process is finished, it will transfer that information over to the syslog server with the total count.

Please see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfprt3/fcf013.htm#wp1001168

Richard Burts · ‎10-08-2007

Stephen

The log output from an access list is severity level 6.

HTH

Rick

HTH

Rick