Since IOS version 11.3, the Log option at the end of an ACL
statement causes packets that match the ACL criterion to be logged. How and where
the log messages are stored is controlled with the logging console
command. The simplest form of the Log option causes a message to be printed to
the console screen the first time the ACL entry is matched, and then every five
minutes for as long as the ACL continues to be matched. The first report covers only the
first packet, while each subsequent report summarizes the number of
occurrences since the previous one.
The following output lines show the result of adding the Log
option to an ACL that blocks the access of host 192.168.1.10 to a LAN.
Rtr1(config)#access-list 50 deny 192.168.1.10 log
Rtr1(config)#access-list 50 permit any
Rtr1(config)#int e0
Rtr1(config-if)#ip access-group 50 out
Rtr1(config-if)#^Z
Rtr1#
11:29:37: %SEC-6-IPACCESSLOGS: list 50 denied 192.168.1.10 1 packet
Rtr1#
11:34:53: %SEC-6-IPACCESSLOGS: list 50 denied 192.168.1.10 27 packets
Rtr1#
In the example, the last two log lines indicate that the workstation
attempted to ping a LAN host (192.168.5.1) seven times from the Command window.
The first packet was recorded in the first log entry. The other 27 packets, 4
per ping, were reported in the summary five minutes later.
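Because the first entry reports a single packet and each later entry is a five-minute summary, the total number of matches is the sum of the counts across entries. The following parser is an added example, not from the book: it reads console lines in the %SEC-6-IPACCESSLOGS format shown above (the sample lines are constructed to mirror that output) and totals denied packets per ACL and source address, which is what a syslog collector would do before alerting.

```python
import re
from collections import defaultdict

# Matches the standard-ACL log form shown in the console output, e.g.
# "11:34:53: %SEC-6-IPACCESSLOGS: list 50 denied 192.168.1.10 27 packets"
ACL_LOG_RE = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2}): %SEC-6-IPACCESSLOGS: "
    r"list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) (?P<count>\d+) packets?"
)

def parse_acl_log(line):
    """Return a dict for one IPACCESSLOGS line, or None for any other line."""
    m = ACL_LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])  # "1 packet" and "27 packets" both parse
    return rec

def summarize(lines):
    """Total packets per (acl, action, src) across all log lines.

    The first entry reports the first matching packet and later entries are
    five-minute summaries, so summing the counts gives the true total.
    """
    totals = defaultdict(int)
    for line in lines:
        rec = parse_acl_log(line)
        if rec:
            totals[(rec["acl"], rec["action"], rec["src"])] += rec["count"]
    return dict(totals)

# Constructed sample lines in the format shown on the page (not real captures).
SAMPLE_LOG = [
    "Rtr1#",
    "11:29:37: %SEC-6-IPACCESSLOGS: list 50 denied 192.168.1.10 1 packet",
    "Rtr1#",
    "11:34:53: %SEC-6-IPACCESSLOGS: list 50 denied 192.168.1.10 27 packets",
    "11:39:55: %SEC-6-IPACCESSLOGS: list 50 denied 192.168.1.10 12 packets",
]

if __name__ == "__main__":
    for (acl, action, src), n in summarize(SAMPLE_LOG).items():
        print(f"list {acl} {action} {src}: {n} packets total")
```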
The logging console command in Global
Configuration mode can be used to modify the Log options, including
specifying the address of a host running Syslog server software, to which all log
entries are forwarded for permanent storage. Chapter 5 has a section demonstrating the various logging
options.