01-22-2014 09:29 AM - edited 03-07-2019 05:43 PM
When I perform a show logg on my switch it shows a notification like the one below every 5 minutes:
Jan 21 09:50:52.742: %SEC-6-IPACCESSLOGS: list 10 permitted 10.20.10.254 80 packets
It is filling up my switch log. It is caused by my Cacti server polling the switch every 5 minutes for statistics, but I don't want this filling up my logs.
Is there a way to stop this specific notification from being inserted in my logging buffer?
BTW... it is on all of my switches that I'm polling with Cacti
Solved! Go to Solution.
01-22-2014 09:46 AM
Hi,
Take a look at the access-list 10 and you'll see that it has the keyword log at the end of it. This is what is generating the message. If you remove the log keyword then you should no longer see the messages.
You may of course want to check as to why it was included in the first place. There may be something within your security policy that means you need to log this information.
Regards
01-22-2014 09:46 AM
Hi,
Take a look at the access-list 10 and you'll see that it has the keyword log at the end of it. This is what is generating the message. If you remove the log keyword then you should no longer see the messages.
You may of course want to check as to why it was included in the first place. There may be something within your security policy that means you need to log this information.
Regards
01-22-2014 10:53 AM
It could also be appended to your SNMP community. For example
snmp-server community MYSNMPCOMMUNITY RO 10
That sets an ACL on SNMP and it will also generate the logging message. You can lower your logging level to the buffer as well.
logging buffer 3
01-22-2014 11:00 AM
Hi Colin,
I agree that ACL 10 is appended to the snmp-server community command, but the %SEC-6-IPACCESSLOGS messages are being generated because ACL 10 has the log keyword e.g., access-list 10 permit 10.20.10.0 0.0.0.255 log. We can keep the ACL on the snmp-server community command and not have to change the logging level simply by removing the log keyword.
Regards
01-23-2014 07:46 AM
Thanks Steve, you're right it was the log statement. I appreciate the help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide