log

sureshkum · ‎08-13-2007

Hi,

access-list branch-policy line 43 permit tcp 172.16.0.0 255.240.0.0 host 172.30.2.140 eq 445

This is my ACL.But i wanted to know which are all systems are connecting to 172.30.2.140.the broblem is if the source systems are connecting always to 172.30.2.140 means i could find trou sh conn command rite, But they are connecting occasionally.hence i m getting hit counts in that particular ACL.So could please share with me, How could i find the Connecting source ip address.Please help me..Thanks in advance

Jon Marshall · ‎08-14-2007

Hi

You need to add the keyword "log" to the end of your access-list entry and send the logging through to a syslog server.

HTH

Jon

sureshkum · ‎08-14-2007

Hi,

Thanks a lot for ur response.I have added already.But unable to find any entry related to 445 port for that corresponding source and destination.I m getting only denyed logs.but it should come under permit log i think so.my syslog trap level is notification.What i have to do further?.Please..Acl in given below

access-list branch-policy line 43 permit tcp 172.16.0.0 255.240.0.0 host 172.30.2.140 eq 445 log 6 interval 300 (hitcnt=106)

Jon Marshall · ‎08-14-2007

Hi

You need your logging level to be at "informational".

Bear in mind that this will generate a lot of logs and network traffic so be careful.

HTH

Jon

sureshkum · ‎08-14-2007

Hi,

Thanks a lot for ur response.I have added already.But unable to find any entry related to 445 port for that corresponding source and destination.I m getting only denyed logs.but it should come under permit log i think so.my syslog trap level is notification.What i have to do further?.Please