Hi,
On Mon, Jun 03, 2002 at 10:32:12AM +0200, Gert Doering wrote:
> 1219606: 15w4d: %SEC-6-IPACCESSLOGS: list vlan40in denied 108.122.0.0 1 packet
>
> should it do that? What's "IPACCESSLOGS" (note the "S")? Why isn't it
> logging destination IP and protocol/port?
From what I've seen just now (just another round of garbage spewing,
nicely isolated, filtered to death, and watched with interest) - 1.1.1.X
is changed by me from the real network number to protect the innocent.
Ditto for the MAC.
15w4d: %SEC-6-IPACCESSLOGP: list vlan40in denied tcp 1.1.1.51(22325)
(Vlan40 0000.0000.5349) -> 203.154.206.18(67), 1 packet
15w4d: %SEC-6-IPACCESSLOGDP: list vlan40in denied icmp 1.1.1.229
(Vlan40 0000.0000.5349) -> 203.154.206.18 (8/0), 1 packet
15w4d: %SEC-6-IPACCESSLOGS: list vlan40in denied 203.154.206.18 1 packet
Looking at those, I'd wager a guess that "IPACCESSLOGS" means something
like "self-originated packet" or so (source IP 127.0.0.x), and it will
only log the destination IP in these cases.
Anyone curious enough to check the IOS sources...? :-)
(I'd consider it a bug, if it were so :-))
gert
-- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany gert@greenie.muc.de fax: +49-89-35655025 gert.doering@physik.tu-muenchen.de
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:11:58 EDT