Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Logging ACL's 1

Status
Not open for further replies.
Saruman

Saruman

Technical User
Oct 30, 2002
4
GB

At present my ACL's are logging all deny statements. I am currently looking to setup a syslog service for all devices capable of outputting logs to a designated syslog daemon. What is the best way to view the logs created by the "deny ip any any log" statements? I would like to know how to do this from the IOS CLI (using telnet etc) in the event of the syslog service not being available. The only commands that I can see are "sh logging" and "sh logging history", however the former has an option to pipe the output for further filtering. Please advise.

Thanks
 
Sort by date Sort by votes
If you have deny statements being logged, just telnet into the router, enter the "term mon" command and it will print those logs to the screen for you to look at.
logo-tektips.gif
 
Upvote 0 Downvote

Thanks for the advice, however running term mon in privileged mode returned no logs to view. I have setup logging to a remote syslog server, however "sh logging history" displays no attempts to log anything. I have seen no incoming connection attempts from the server end either. The global command "logging on" has been enabled.
 
Upvote 0 Downvote
try a "sh access-list 101" or whatever your access-list # is. If the packet numbers are incrementing, then you should be seeing logs, otherwise if they are not, you may not have the ACL applied correctly to the interface.
logo-tektips.gif
 
Upvote 0 Downvote

"sh access-lists" displays all my currently used ACL's and also shows matches against my deny/log statements (16649 for one in particular). This is the command I usually use to check that my ACL's are working correctly. "term mon" continues to return nothing - do I have to configure logging in any particular way to use this command?
 
Upvote 0 Downvote
----------------------
access-list 102 permit tcp any any eq 3389 log
access-list 102 permit ip any any
!
logging trap debugging
logging 216.147.143.14
----------------------

That is my current logging config. It logs to the IP 216.147.143.14. But, when I enable "term mon", it also logs it to my screen so I can see it as it happens.
logo-tektips.gif
 
Upvote 0 Downvote
try turning it off & on again from privileged mode

no logging on
loggin on

worth a try.

I have a MS background so I am used to the off & on to try and fix things :eek:)
 
Upvote 0 Downvote
Not sure this is pertanant but at any time did you use the command no logging console? if so ( or even if you didn't) try the command logging console. it might help!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rfpup
  • Locked
  • Question
logging commands in ACS
Replies
2
Views
92
rfpup
rfpup
hidalgo1716
  • Locked
  • Question
My ACL's are not working like i think they should, can anyone take a look???
Replies
8
Views
62
imbadatthis
imbadatthis
pbxnkey
  • Locked
  • Question
Router ACL's
Replies
12
Views
56
Viconsul
Viconsul
grbo
  • Locked
  • Question
logging signal strenth from cell tower to wifi
Replies
0
Views
34
grbo
grbo
drbk563
  • Locked
  • Question
Difference between logging event-link status & snmp trap link-status 1
Replies
1
Views
240
vipergg
vipergg

Part and Inventory Search

Sponsor

Back
Top