I'm stupid...how do I view the log from an ACL entry?

GeneralDzur

On a basic ACL to stop access to video-streaming sites, I've put this entry in my ACL:

deny ip 63.250.215.0 0.0.0.255 any log-input (73 matches)

As you can see, it's already had a few matches. I would like to view the log for this, to determine what the source IP is, but I am at a loss when it comes to viewing the log. Can anyone help?

- stephan
 
It depends on how your logging is set up....

By default you should log to the console and the internal buffer. Connect to the router and type 'show logging'; this will tell you where you will be sending logging messages. An example is:

router#show logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes,
0 overruns, xml disabled, filtering disabled)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 34 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Trap logging: level informational, 37 message lines logged
...... the rest omitted

The messages will have logged to the internal buffer (if enabled) but may have been overwritten. You can change what memory is allocated to the internal buffer as when it reaches its limit it overwrites. You can also set up a syslog server and then look back through logs etc.

Good luck

Andy

 
hello there, did you try show access-list? Cheers....
 
Me again, another way to check it will be to enable ip accounting for a specific interface (interface config: ip accounting) and after that do a show ip accounting.... You will have the source and the destination of the ip packets.. Cheers
 
Thanks tecnikall, that's really helpful. Andy - How would I go about setting up a syslog server?
 
There are many freeware Syslog servers available, most of which just log to a text file. There are others you can use (usually part of a NMS System so will cost you $$) that will allow manipulation of the received logs to sort them etc.

Setting a router to send syslog messages is easy:

logging host x.x.x.x
logging facility local7
logging trap

When you install a syslog server it listens on UDP port 514 and receives whatever messages are sent to it. Your router will send syslog messages to the server like it does to the console and/or buffer.

I don't have a permanent syslog server set up at home but I usually use the 3Com 3CDaemon freeware utility when debugging things.

Andy
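
Added example, not part of the original thread: once a syslog server is writing the router's messages to a text file, a short script can pull the ACL hits out of it and total packets per source and destination address. It assumes the IOS `%SEC-6-IPACCESSLOGP` message layout for TCP/UDP matches (the parenthesised interface field appears only with `log-input`); the sample lines, ACL number 101 and all addresses outside the thread's 63.250.215.0/24 range are constructed.

```python
import re
from collections import Counter

# Constructed sample of a syslog server's text file. Only the 63.250.215.0/24
# range comes from the thread; everything else here is made up for the example.
SAMPLE_LOG = """\
Mar  1 10:02:11 192.168.1.1 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 63.250.215.14(80) (FastEthernet0/1 0011.2233.4455) -> 192.168.1.23(3345), 1 packet
Mar  1 10:02:40 192.168.1.1 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 63.250.215.14(80) (FastEthernet0/1 0011.2233.4455) -> 192.168.1.23(3346), 4 packets
Mar  1 10:03:05 192.168.1.1 47: %SEC-6-IPACCESSLOGP: list 101 denied udp 63.250.215.77(1755) -> 192.168.1.40(2001), 2 packets
Mar  1 10:03:09 192.168.1.1 48: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up
"""

# Assumed message layout; the "(interface layer2-info)" group is optional
# because it is only emitted when the ACL entry uses log-input.
ACL_LINE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<intf>\S+)(?: (?P<l2>[^)]*))?\) )?"
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_acl_hits(text):
    """Return one dict per ACL log message; unrelated syslog lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = ACL_LINE.search(line)  # search, so any server-added prefix is ignored
        if m:
            hit = m.groupdict()
            hit["count"] = int(hit["count"])
            hits.append(hit)
    return hits

def packets_by(hits, field, action="denied"):
    """Total the packet counts per value of `field` (e.g. 'src' or 'dst')."""
    totals = Counter()
    for h in hits:
        if h["action"] == action:
            totals[h[field]] += h["count"]
    return totals

if __name__ == "__main__":
    hits = parse_acl_hits(SAMPLE_LOG)
    for field in ("src", "dst"):
        print(field, packets_by(hits, field).most_common())
```

The packet count matters because IOS rate-limits ACL logging and periodically reports several matches in one message, so counting lines alone undercounts.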
 