[c-nsp] 'permit ip any any log' not logging?
Thorhallur Sverrisson
thorhs at basis.is
Tue Feb 27 04:07:13 EST 2007
Ge Moua wrote:
> Make sure your debugging level for "buffer" is at least 6 or above (go to
> level 7 to eliminate any doubts). See below:
>
> "logging buffered 16384 debugging"
>
> Buffer logging: level debugging, 27110 messages logged
This is the logging config, with no messages logged:
SW00100#show logging
Syslog logging: enabled (0 messages dropped, 11 messages rate-limited, 0
flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 10419 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 144 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 71 messages logged, xml disabled,
filtering disabled
Exception Logging: size (8192 bytes)
Count and timestamp logging messages: disabled
Trap logging: level informational, 10386 message lines logged
Logging to 10.24.1.100, 4697 message lines logged, xml disabled,
filtering disabled
>
> Feb 26 13:56:36: %SEC-6-IPACCESSLOGP: list vlan726_ingress denied tcp
> 210.179.159.32(24389) -> 134.84.189.127(22), 1 packet
>
I have the following messages in my log, but they are from when I had the
'log' keyword on rules 10-30; no messages have been logged since I changed
the access list to log only to any:
*Feb 26 12:05:58: %SEC-6-IPACCESSLOGP: list vlan703-in permitted tcp
10.24.3.52(3050) -> 10.24.1.100(1984), 4 packets
*Feb 26 12:05:58: %SEC-6-IPACCESSLOGDP: list vlan703-in permitted icmp
10.24.3.52 -> 10.24.1.100 (0/0), 1 packet
*Feb 26 12:05:58: %SEC-6-IPACCESSLOGP: list vlan703-in permitted tcp
10.24.3.53(2402) -> 10.24.1.100(1984), 4 packets
*Feb 26 12:06:09: %SYS-5-CONFIG_I: Configured from console by thorhs on
vty0 (10.24.1.100)
Since I got the above messages, I suppose my logging is set up correctly;
it's just the access-list which is not logging the packets.
Thorhallur