What does the 'log-input' cmd do on an ACL?

GeneralDzur
Hey, when I'm putting together an ACL, what does the command 'log-input' do? I know it logs violations against an ACL, right? I'm just looking for specific usage of it, if anyone knows.

- stephan
 
As I understand it, it sends ACL logs to the router log buffer and syslog servers. Otherwise you will not get ACL logs.
 
Logs the activity in the router's log and logs what interface the request/data came from. So basically when traffic is matched against your ACL and it matches an entry (either permit or deny), a log entry is written in the log with a timestamp and source interface.
 
How do I view the system log or ACL log? I can't find the command/answer anywhere.

- stephan
 
You need to install a syslog server on your Windows or Linux machine, in the same network as the router or one reachable from it. SIA mirko or kiwisyslog are commonly used and free of cost :-D.

Now you need to configure your router to send the log buffer to the syslog server. In global configuration mode, the logging command is used for this purpose:

config#logging host a.b.c.d (IP address of your syslog server)

Also you can use logging trap to increase log severity level.

If you do not have a syslog server, and if your IOS supports it, you can use
router#sh log

This can show you the logs of your router.

-- Nayan

 
What exactly does it log? Because I have NetFlow routing setup export to a NetFlow analyzer. The only thing it *doesn't* do is show ACL violations. Does syslogging do that?

- stephan
 
I tried this on a Cisco Access Point 1200 with MAC address security "access list 700" implemented. When there is no log-input command and I try to connect a new machine whose MAC address is not in the access list, the machine is denied by the access point but the log file does not show anything.

Now I put log-input at the end of the access list, and I found that the log file says 0080.e1a3.78a6 (MAC address not in access list) denied by ACL.
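
An added example, not part of any post in this thread: once the router forwards its log to a syslog server, the extra fields that log-input records (input interface and source MAC) can be pulled out of the ACL messages and totalled per interface. The message layout is an assumption modelled on IOS %SEC-6-IPACCESSLOGP entries, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed layout of an IOS extended IP ACL hit (%SEC-6-IPACCESSLOGP).
# The "(interface MAC)" group appears only when the entry uses log-input;
# with plain "log" the message goes straight from the source to "->".
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) "
    r"(?:\((?P<in_if>\S+) (?P<src_mac>[0-9a-f.]+)\) )?"
    r"-> (?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample syslog lines (not taken from a real device).
SAMPLE = [
    "Mar  1 10:00:01: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40112) "
    "(FastEthernet0/0 0011.2233.4455) -> 192.168.1.10(23), 1 packet",
    "Mar  1 10:00:07: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(40113) "
    "(FastEthernet0/0 0011.2233.4455) -> 192.168.1.10(23), 4 packets",
    "Mar  1 10:00:09: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.1.1.9(5353) "
    "(FastEthernet0/1 0011.2233.4466) -> 192.168.1.20(53), 1 packet",
    "Mar  1 10:00:12: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.2.2.7(1900) "
    "-> 192.168.1.30(1900), 2 packets",
    "Mar  1 10:00:15: %SYS-5-CONFIG_I: Configured from console by console",
]

def parse_line(line):
    """Return a dict of ACL log fields, or None for non-ACL messages."""
    m = ACL_LOG.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    return rec

def denied_by_interface(lines):
    """Total denied packets per input interface reported by log-input."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "denied":
            # Entries logged with plain "log" carry no interface information.
            totals[rec["in_if"] or "(no log-input)"] += rec["count"]
    return totals

if __name__ == "__main__":
    for interface, packets in denied_by_interface(SAMPLE).items():
        print(f"{interface}: {packets} denied packets")
```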

 