[c-nsp] More 6500 questions... Optimized ACL Logging
Phil Mayers
p.mayers at imperial.ac.uk
Wed May 9 07:34:40 EDT 2007
Phil Mayers wrote:
>
>>
>> But when I try to see what is being logged I get nothing :-
>> sh logging ip access-list cache
>> Matched flows:
>> id prot src_ip dst_ip sport dport status count
>> total lastlog
>> --------------------------------------------------------------------------------------
>>
>>
>> Number of entries: 0
>> Number of messages logged: 0
>> Number of packets logged: 0
>> Number of packets received for logging: 0
>>
>>
>>
>> What have I missed?
>>
>
> Ah ha. Interestingly I've just had to turn this on due to a symantec
> worm outbreak here, and sure enough the "deny" packets were not hitting
> the OAL buffer. Then I found this:
>
> http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00801609f6.html
Sorry, more direct URL+fragment:
http://tinyurl.com/2wxcmo
More information about the cisco-nsp
mailing list