
ACL Logs don't appear

welcomeccie
Level 1

I have an ACL which is working fine.

permit ip any host 204.73.44.226 (32 matches)

permit udp any any eq snmp (22 matches)

permit tcp any any eq 2967 log (7173566 matches)

deny ip any any (255731 matches)

When I do show logging I can see the permit logs only; I can't find any deny logs.

4 Replies

dominic.caron
Level 5

You don't have the command on your deny statement.

please rate helpful post

Sorry, find below the ACL

logging monitor informational

SW4507#sh access-lists | inc deny

1060 deny ip any any log (1260 matches)

590 deny ip any any log (125 matches)

760 deny ip any any log

590 deny ip any any log (42 matches)

30 deny ip any any log

80 deny ip any any log

1650 deny ip any any log (16491945 matches)

610 deny ip any any log (1691 matches)

Extended IP access list Test

10 deny ip 10.7.92.0 0.0.0.255 10.7.6.0 0.0.0.255

30 deny ip any any log-input

SW#sh loggi

Syslog logging: enabled (0 messages dropped, 7 messages rate-limited, 0 flushes,

0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 26462 messages logged, xml disabled,

filtering disabled

Monitor logging: level informational, 0 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 177098 messages logged, xml disabled,

filtering disabled

Exception Logging: size (8192 bytes)

Count and timestamp logging messages: disabled

Trap logging: level informational, 177102 message lines logged

Logging to 55.4.8.2, 177102 message lines logged, xml disabled,

filtering disabled

This response shows denies from multiple access lists and we have no way to know which deny goes with which access list (which deny is the one related to the original post?). It would be much better if you were to just list show access-list so that we could see the entire list and understand the context.

In looking at the original post it does suggest that there are permit lines which include the log parameter and the deny does not:

permit tcp any any eq 2967 log (7173566 matches)

deny ip any any (255731 matches)

It would really help if we could see the access list. And showing it out of the config would probably be better than out of show access-list.

HTH

Rick
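
Added example, not part of the thread: a Python script that parses full `show access-lists` output, keeps every entry tied to its ACL name (the context that `| inc deny` loses), and lists the deny entries that carry neither `log` nor `log-input`. The sample output is constructed in the format quoted above; the ACL name `Edge` and the function names are hypothetical.

```python
import re

# Constructed sample, laid out like the `show access-lists` output in the thread.
SAMPLE = """\
Extended IP access list Test
    10 deny ip 10.7.92.0 0.0.0.255 10.7.6.0 0.0.0.255
    20 permit tcp any any eq 2967 log (7173566 matches)
    30 deny ip any any log-input
Extended IP access list Edge
    10 permit udp any any eq snmp (22 matches)
    20 deny ip any any (255731 matches)
"""

HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)")
ENTRY = re.compile(
    r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$"
)

def parse_acls(text):
    """Return every ACL entry, tagged with the name of the ACL it belongs to."""
    entries, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        entry = ENTRY.match(line)
        if entry and current:
            seq, action, rule, hits = entry.groups()
            tokens = rule.split()
            entries.append({
                "acl": current, "seq": int(seq), "action": action, "rule": rule,
                # The log keyword must be on the entry itself to produce syslog output.
                "logged": "log" in tokens or "log-input" in tokens,
                "matches": int(hits or 0),
            })
    return entries

def unlogged_denies(entries):
    """Deny entries that drop traffic without generating a log message."""
    return [e for e in entries if e["action"] == "deny" and not e["logged"]]

if __name__ == "__main__":
    for e in unlogged_denies(parse_acls(SAMPLE)):
        print(f'{e["acl"]} seq {e["seq"]}: deny {e["rule"]} '
              f'({e["matches"]} matches, not logged)')
```
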

amit.secure1
Level 1

You have to configure a syslog server for receiving all logs of the PIX, and you can't log all logs locally (meaning on the PIX itself), because a firewall mostly generates so many logs and, due to limited HDD space on the PIX, the PIX will stop working after the HDD is full. So enable syslog on the PIX and receive the logs on another configured server to view ALL LOGS. Please let me know for any further clarification.