f



enable logging ::: ip access-list any any log

hi,

on a catalyst 4507 switch, i am trying to configure an acl to stop
unwanted traffic on one of the vlan interface

before denying traffic, we wanted to see what is flowing into the
network, so we decided to add an ip any any log command. surprisingly,
lot of packets match the acl but nothing is displayed in the log

is there something i am missing

thanks, vasu

configuration
=========

ip access-list extended to_vlan42
 permit ip any 10.40.1.128 0.0.0.15
 permit ip any any log-input

show access-list output
=================

Catalyst4507#sh access-lists
Extended IP access list to_vlan42
    10 permit ip any 10.40.1.128 0.0.0.15 (7 matches)
    20 permit ip any any log (852 matches)

show log out
=========

Catalyst4507#
Catalyst4507#sh log
Syslog logging: enabled (0 messages dropped, 151 messages rate-
limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level notifications, 2058 messages logged, xml
disabled,
                     filtering disabled
    Monitor logging: level debugging, 10 messages logged, xml
disabled,
                     filtering disabled
    Buffer logging: level debugging, 2208 messages logged, xml
disabled,
                    filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level debugging, 2212 message lines logged
        Logging to 192.168.16.6, 2212 message lines logged, xml
disabled,
               filtering disabled

Log Buffer (4096 bytes):

0
3/1/2007 9:14:16 AM
comp.dcom.sys.cisco 25313 articles. 0 followers. Post Follow

2 Replies
909 Views

Similar Articles

[PageSpeed] 55

On Mar 1, 4:14 am, "Vasu" <vasu.inuko...@gmail.com> wrote:
> hi,
>
> on a catalyst 4507 switch, i am trying to configure an acl to stop
> unwanted traffic on one of the vlan interface
>
> before denying traffic, we wanted to see what is flowing into the
> network, so we decided to add an ip any any log command. surprisingly,
> lot of packets match the acl but nothing is displayed in the log
>
> is there something i am missing
>
> thanks, vasu
>
> configuration
> =========
>
> ip access-list extended to_vlan42
>  permit ip any 10.40.1.128 0.0.0.15
>  permit ip any any log-input
>
> show access-list output
> =================
>
> Catalyst4507#sh access-lists
> Extended IP access list to_vlan42
>     10 permit ip any 10.40.1.128 0.0.0.15 (7 matches)
>     20 permit ip any any log (852 matches)
>
> show log out
> =========
>
> Catalyst4507#
> Catalyst4507#sh log
> Syslog logging: enabled (0 messages dropped, 151 messages rate-
> limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
>     Console logging: level notifications, 2058 messages logged, xml
> disabled,
>                      filtering disabled
>     Monitor logging: level debugging, 10 messages logged, xml
> disabled,
>                      filtering disabled
>     Buffer logging: level debugging, 2208 messages logged, xml
> disabled,
>                     filtering disabled
>     Exception Logging: size (8192 bytes)
>     Count and timestamp logging messages: disabled
>     Trap logging: level debugging, 2212 message lines logged
>         Logging to 192.168.16.6, 2212 message lines logged, xml
> disabled,
>                filtering disabled
>
> Log Buffer (4096 bytes):

logging on or logging synchronous

You have one of those set?

0
Trendkill
3/1/2007 11:45:46 AM
Yes. I have logging on

Thanks

0
Vasu
3/3/2007 8:58:42 AM
Reply:

Similar Artilces:

logging cannot access log
i have applied the recent solaris 8 recommended and security cluster patches on sun solaris 8 i rebooted to get the patches applied,but am not able to mount / in rw mode Kernel version: SunOS 5.8 Generic 108528-23 Jun 2003 mount -o remount,rw / WARNING: Could not access the log for /; Please run fsck(1M) mount: No such device mount: cannot mount /dev/md/dsk/d30 vfstab entry /dev/md/dsk/d30 /dev/md/rdsk/d30 / ufs 1 no logging fsck -y / ** /dev/md/rdsk/d30 ** Last Mounted on / ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Che...

ip access-list log
Hello, In config i have access-list 100 permit tcp any host 172.16.10.173 eq 17000 log and logging origin-id string CISCO2621 logging 192.168.0.192 router should send messages to syslog server whit this rule: "For both standard and extended lists, the message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval." but in my syslog i see this messages in several seconds interval: 2008-09-11 14:51:43 Local7.Info 192.168.0.111 846: CISCO2621: .Sep 11 13:02:09.773: %SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(64434) -> 172.16.10.173(17000), 3 packets 2008-09-11 14:51:43 Local7.Info 192.168.0.111 847: CISCO2621: .Sep 11 13:02:10.049: %SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(64434) -> 172.16.10.173(17000), 1 packet 2008-09-11 14:51:45 Local7.Info 192.168.0.111 848: CISCO2621: .Sep 11 13:02:10.983: %SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(64434) -> 172.16.10.173(17000), 1 packet 2008-09-11 14:51:48 Local7.Info 192.168.0.111 849: CISCO2621: .Sep 11 13:02:14.204: %SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(64434) -> 172.16.10.173(17000), 27 packets 2008-09-11 14:51:48 Local7.Info 192.168.0.111 850: CISCO2621: .Sep 11 13:02:14.657: %SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(64434) -> 172.16.10.173(17000), 3 packets 2008-09-11 14:51:48 Local7.Info 192....

Logging Who Logs In
How can I keep track of who logs into my ASE (15.0.2)? Thanks, Steve -- Steven J. Backus Computer Specialist University of Utah E-Mail: steven.backus@utah.edu Genetic Epidemiology Alternate: backus@math.utah.edu 391 Chipeta Way -- Suite D Office: 801.587.9308 Salt Lake City, UT 84108-1266 http://www.math.utah.edu/~backus Hello, Enable auditing: http://infocenter.sybase.com/help/topic/com.sybase.help.ase_15.0.sag1/html/sag1/sag1831.htm Thanks, Neal On Dec 3, 9:04=A0pm, bac...@episun7.med.utah.edu (Steven Backus) wrote: > How can I keep track of who logs into my ASE (15.0.2)? > You can setup auditing to find out who logged in when. You can also find out who did what ! here is the ASE manual link.. http://tinyurl.com/5be3oe -HTH Manish Negandhi [TeamSybase] "Steven Backus" <backus@episun7.med.utah.edu> wrote in message news:gh6all$pga@episun7.med.utah.edu... > How can I keep track of who logs into my ASE (15.0.2)? > > Thanks, > Steve > -- > Steven J. Backus Computer Specialist > University of Utah E-Mail: steven.backus@utah.edu > Genetic Epidemiology Alternate: backus@math.utah.edu > 391 Chipeta Way -- Suite D Office: 801.587.9308 > Salt Lake City, UT 84108-1266 http://www.math.utah.edu/~ba...

wtmp,store.log and access.log
In one of my AIX 5.1 server /var is getting full in every three days...these files are getting full wtmp,store.log and access.log I added 1GB but of no use...they get filled up very quickly...can someone please tell me why this problem comes and its solution... Thanks in Advance... On Apr 2, 9:27 am, "vaitheeshka...@gmail.com" <vaitheeshka...@gmail.com> wrote: > In one of my AIX 5.1 server /var is getting full in every three > days...these files are getting full wtmp,store.log and access.log > > I added 1GB but of no use...they get filled up very quickly...can > someone please tell me why this problem comes and its solution... > > Thanks in Advance... hello just reconfigure rotation of Your logs. i.e find Your logrotate.conf file and add entry like below /var/log/wtmp { missingok daily create 0664 root utmp rotate 1 } /var/log/btmp { missingok daily create 0664 root utmp rotate 1 } in any case of problems just ask me You can find more in man logrotate regards marcin On Apr 2, 3:27 am, "vaitheeshka...@gmail.com" <vaitheeshka...@gmail.com> wrote: > In one of my AIX 5.1 server /var is getting full in every three > days...these files are getting full wtmp,store.log and access.log > > I added 1GB but of no use...they get filled up very quickly...can > someone please tell me why this problem comes and its solution... > > Thanks in Advance... Not sure what i...

How can I access logs logged by logMsg()
Thanks! Messages logged with logMsg will normally just go to the console. If you want then to got to a particular location, use logFdSet to direct them to a particular file. See the logLib doc for details. lc Messages logged with logMsg will normally just go to the console. If you want then to got to a particular location, use logFdSet to direct them to a particular file. See the logLib doc for details. lc ...

BIND
Hi All, BIND is not logging anything into the log file. Following is my named.conf section for logging options. ------ logging section from /etc/bind/named.conf file ----- logging { channel "debug" { file "/var/log/nameddbg" versions 2 size 50m; severity info; print-time yes; print-category yes; }; category "default" { "debug"; }; category "general" { "debug"; }; category "database" { "debug"; }; category "security" { "debug"; }; category "config" { "debug"; }; category "resolver" { "debug"; }; category "xfer-in" { "debug"; }; category "xfer-out" { "debug"; }; category "notify" { "debug"; }; category "client" { "debug"; }; category "unmatched" { "debug"; }; category "network" { "debug"; }; category "update" { "debug"; }; category "queries" { "debug"; }; category "dispatch" { "debug"; }; category "dnssec" { "debug"; }; category "lame-servers" { "debug"; }; }; ---- rndc shows that logging is enabled ---- debian:/etc/bind# rndc status number of zones: 5 debug level: 0 xfers running: 0 xfers deferred: 0 soa queries in progress: 0 query logging is ON recursive clients: ...

Log IP addresses of machines logged in Event Viewer?
Hello, I was wondering if anyone is logging the IP addresses of the machines they see in their event viewer, and if so how they are doing it. Thanks, Michael Salmons salmonsm@missouri.edu Under Win2000/XP you can add this line to your users' logon script: for /F "tokens=2 delims=:" %%a in ('ipconfig ^| find /i "IP Address"') do set IP=%%a echo %date% %time% %UserName% %ComputerName% %IP% >> \\YourServer\Logs\%ComputerName%.log Unwrap these lines. You will have to consolidate the various log files into a common log file eac...

gdm: how do I log who logs in?
Hi All, Is there a way to have gmd log who logs in and when they logged back out? Not having much luck Googling this. :-( Many thanks, -T # ls -al /var/log/gdm .... -rw-r--r-- 1 root root 1132 May 4 08:31 :0.log -rw-r--r-- 1 root root 1132 Apr 19 19:24 :0.log.1 -rw-r--r-- 1 root root 1132 Apr 19 16:37 :0.log.2 -rw-r--r-- 1 root root 1187 Apr 19 16:37 :0.log.3 -rw-r--r-- 1 root root 1132 Apr 11 08:14 :0.log.4 Note that my logs files are all one byte long. On May 4, 2011 14:50, in comp.os.linux.misc, Todd@invalid.com wrote: > Hi All, > > Is there a way to have gmd log who...

display logged in and logged out
Dear friends, I am having a doubt. How can i display the listof users who have logged in and logged out with in the given time. On Mon, 13 Mar 2006 22:35:56 -0800, balasam wrote: > Dear friends, > I am having a doubt. > How can i display the listof users who have logged > in and logged out with in the given time. Process the output of the "last" command. ...

Re: (1234*(2/3)^(Log[1234]/Log[3])) === (1234^(Log[2]/Log[3])) should be?
The result should be False. If you want True then you should use Equal ( == ) not SameQ ( === ) (1234*(2/3)^(Log[1234]/Log[3])) == (1234^(Log[2]/Log[3])) // Simplify True Bob Hanlon ---- Luka Rahne <luka.rahne@gmail.com> wrote: ============= what should be result of this evaluation? (1234*(2/3)^(Log[1234]/Log[3])) === (1234^(Log[2]/Log[3])) subqestion. How to make this work? ...

Cisco IP Access List search
I have done tons of google'ing and asked the top Cisco guru I know. Does anyone know of a program or command that I can use to find if something is blocked or already in an access list, what lines it shows up on and if it falls into any of the ranges. Here is an example: (Oh and BTW: I have a huge list that is just not optimal for someone to search through it visually) Search for 192.168.0.10 on all access lists Found 2: ACL: Outbound: 10 permit any tcp 80 192.168.0.10 any ACL: Inbound: 555 deny any udp 1337 192.168.0.0 0.0.3.255 any Search fo...

- where IP address should be in Apache access log
I'm new (3 months) to being a real webmaster and caring about what's in my log files -- so today when I saw for the first time entries in the Apache log files (our webhost is one of the big guys) that read like this: 74.6.17.156 - - [30/Sep/2008:20:11:50 -0700] "GET /robots.txt HTTP/ 1.0" 404 279 <snip> - - - [30/Sep/2008:20:12:32 -0700] "GET /OurCalendar.php HTTP/1.0" 200 8428 <snip> 12.68.34.5 - - [30/Sep/2008:20:25:09 -0700] "GET /logs HTTP/1.1" 301 102 <snip> I started searching the web for "no ip address" with...

Help! Apache Logs Problem
Hi all, I encountered a strange problem that 1 out of 3 sites access.log stopped occasionally by itself. Here's the details: - Running on Windows NT - Apache 1.3.3 - PHP Version 4.4.0 - 3 sites running on the same apache server. - 3 separate access logs for each sites - 1 out of 3 sites access.log occasionally stopped by itself - 3 sites are sharing the same error.log - Error found from error.log : Premature end of JPEG file - Cronolog is running to split the logs daily Does anyone have any ideas what could be the cause? ...

Help! Apache Logs Problem
Hi all, I encountered a strange problem that 1 out of 3 sites access.log stopped occasionally by itself. Here's the details: - Running on Windows NT - Apache 1.3.3 - PHP Version 4.4.0 - 3 sites running on the same apache server. - 3 separate access logs for each sites - 1 out of 3 sites access.log occasionally stopped by itself - 3 sites are sharing the same error.log - Error found from error.log : Premature end of JPEG file - Cronolog is running to split the logs daily Does anyone have any ideas what could be the cause? ...

I'd like to know about the difference of between access-list and ip access -list.
Hi. I'd like to know that the difference of access-list and ip access-list. configure is much the same, but I can't understand the difference about those. what is the major difference?... Please, Let me show the sample config I'm waiting for the answer.. Please, answer me as quicklly as possible In article <ca3aoq$91f$1@news1.kornet.net>, jsycap@yahoo.co.kr says... > Hi. > I'd like to know that the difference of access-list and ip access-list. > configure is much the same, but I can't understand the difference about > those. > what is the major diff...

logging of all read-access
My organisation wants to be able to log and monitor access to production data. Developers have production TACL access and may perform read operations in browse access, of course. Now we must enforce logging of "who saw what", such that if there is "an incident" of sorts, we can know who has accessed a certain set of data. I thought about doing something on the system level with TMF, but there are obviously data read situations that do not have any TMF transactions with them. Have any of you lot experienced this situation - and what did you do? I realize that we may simply need to stop developer's production access and only give such access in a logged state, where all terminal operations are basically recorded. This doesnt really satisfy the requirement of logging access, searchable by file/key/field specifications. Best regards, Henrik Wow, that's a really amazing requirement. Logging all data access down to the field/column level! Can you point to any system that provides a similar level of access reporting? Is this a nice-to-have capability or are your auditors demanding it? On Friday, February 12, 2016 at 9:31:49 AM UTC-5, Henrik Paludan-M=F8rk wro= te: > My organisation wants to be able to log and monitor access to production = data. > Developers have production TACL access and may perform read operations in= browse access, of course. > Now we must enforce logging of "who saw what", such that i...

Howto enable logging of IP only in pam_unix output?
RTFM and still cannot find a way to have pam_unix log _only_ the IP and not the hostname as in: vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=Administrator rhost=23-164-111-65.serverpronto.com Can PAM be forced to log just the IP address and not the hostname? Thanx Iain -- +49-151-52659004 Skype: iain.lea ...

How to enable firewall logging on a cisco 857 router
Hi, how is this achieved? I have specified on access rules that logging should be enabled but when I look at the router monitoring using SDM, it shows that the firewall logging is not configured. I do not want to use a syslog server Any ideas? mbanyon@hotmail.com wrote: > Hi, how is this achieved? > I have specified on access rules that logging should be enabled but > when I look at the router monitoring using SDM, it shows that the > firewall logging is not configured. I do not want to use a syslog > server > > Any ideas? Login to the router via the CLI and issue the ...

Log Explorer vs. ApexSQL Log vs. SQL Log-Rescue
Opinions? I've installed all three to try'em out and they all seem to be working so far, more or less. Log Explorer has given me a couple of errors but I started over and continued OK. ApexSQL Log squawked about "redo for delete cannot be generated for tables lacking clustered index". Huh? What the...? We have lots of tables without a clustered index. I read some reports in Red-Gate's technical support forum about their product actually bringing down SQL Server. That did not inspire confidence. All three install some server-side components like extended stored proc's which I'm not crazy about and I think all three are server or instance licensed (does anyone actually purchase more than one license when it seems like you can easily move any tran log to be analyzed to the server the product is installed on?). I don't think I'd want to install any of them on a Production server, at least one that I'm responsible for! Thanks, Martin Martin (mvirta@olgc.ca) writes: > ApexSQL Log squawked about "redo for delete cannot be generated for > tables lacking clustered index". Huh? What the...? We have lots of > tables without a clustered index. Probably the people at ApexSQL are like me: they think that every table should have a clustered index. If nothing else, fragmentation is easier to keep in check, if you have a clustered index. -- Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se Books Online for SQL...

sendmail still logs old hostname in /var/log/mail.log
after changing the host name and restarting rsyslog information in mail.log still shows the old host name. Linux newhostname 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux ?? never mind........it started working........ musta been just enough time for the FQDN to implement -h "horus" <horus@sonic.net> wrote in message news:4ea13b8e$0$1641$742ec2ed@news.sonic.net... > after changing the host name and restarting rsyslog > information in mail.log still shows the old host name. > Linux newhostname 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC > 2011 x86_64 x86_64 x86_64 GNU/Linux > ?? > ...

Why does: "tail -f /var/log/messages | grep eth0 >> /var/log/eth0.log" create an empty log ?
bash scripting question: if: "cat /var/log/messages" yeilds: it87-isa-0290 Adapter: ISA adapter Algorithm: ISA algorithm VCore 1: +1.79 V (min = +1.48 V, max = +2.01 V) VCore 2: +1.24 V (min = +1.02 V, max = +1.37 V) +3.3V: +3.21 V (min = +2.80 V, max = +3.79 V) +5V: +4.97 V (min = +4.23 V, max = +5.75 V) +12V: +12.00 V (min = +10.16 V, max = +13.80 V) Stdby: +4.80 V (min = +4.23 V, max = +5.75 V) VBat: +0.00 V fan1: 5578 RPM (min = 3000 RPM, div = 2) fan2: 2922 RPM (min = 0 RPM, div = 2) M/B Temp: +43�C (l...

Solaris lp request log tool to list by queue name /var/lp/logs/requets
Here's a script to list all jobs from /var/lp/logs/requests for just a particular queue: Usage: request-it.pl queue_name < requests #!/bin/perl -w use strict; use Getopt::Long; use IO::Handle; STDOUT->autoflush(1); STDERR->autoflush(1); my $this_program = 'requests.pl'; my $this_version = '1.0'; my $version_info = <<EOT; $this_program $this_version EOT my $DEBUG = 0; my $help_info = <<EOT; Usage: $this_program queue_name < requests_file --debug enable debug mode --help print this help, then exit --version print ver...

SWS magical incantation to enable VirtualHost access logging...
I have SWS (Apache) running on a V8.3 Alpha. I've setup two VirtualHost Domains... <VirtualHost *:80> ServerName www.abcdefg.com ServerAlias abcdefg.com ServerAdmin webmaster@abcdefg.com DocumentRoot /abcdefg ErrorLog /apache$specific/logs/abcdefg.error_log CustomLog /apache$specific/logs/abcdefg.access_log common </VirtualHost> <VirtualHost *:80> ServerName www.tuvwxyz.com ServerAlias tuvwxyz.com ServerAdmin webmaster@tuvwxyz.com DocumentRoot /tuvwxyz ErrorLog /apache$specific/logs/tuvwxyz.error_log CustomLog /apache$spe...

CISCO IDS/IPS --> Log in SDEE Format
Hi, refered to the article http://www.trusecure.com/company/press/pr_20040223.shtml CISCO offers log messages (especially Intrusion related messages) in an XML format. Does anybody know which version (IOS/PIX) is needed to use this feature? Best regards, tobi The IPS sensors running version 5 log in SDEE, not sure about the PIX, routers support it in 12.3.14T (not sure if this is the earliest IOS that does SDEE or not...). tobi wrote: > Hi, > refered to the article > http://www.trusecure.com/company/press/pr_20040223.shtml > CISCO offers log messages (especially Intrusion rel...

Web resources about - enable logging ::: ip access-list any any log - comp.dcom.sys.cisco

Access control list - Wikipedia, the free encyclopedia
An access control list ( ACL ), with respect to a computer file system, is a list of permissions attached to an object . An ACL specifies which ...

Following Path’s contact fiasco, Instagram silently adds a contact list access prompt
... or not and is will continue to display the warning each time you try to utilise the ‘From my contact list ‘ option. It may have been accepted ...

Nokia Lumia 910 leaked on Remote Device Access list
The Nokia Lumia 910 is not yet released, but this particular smartphone did appear on a list of Nokia remote device access (RDA), which in essence, ...

My Theaters - Save Your Local Theaters in an Easy Access List
My Theaters: WashingtonPost.com's Going Out Guide allows you to save your preferred movie theaters in an easy to access list. Choose your favorite ...

10 steps to populate an Access list control using field-level properties
Susan Harkins explains how to populate an Access list control instantly by setting properties at the field (table) level to create a lookup field. ...


Canadian Netflix users get access to 'My List' feature
Canadian Netflix users are finally getting access to a feature many have been requesting: the ability to build a list of movies and TV shows ...

Access Hollywood Live: Royal Wedding Countdown - Analyzing The Guest List
Billy Bush and Kit Hoover are in London, where they catch up with royal wizard Neil Sean, who fills them in on all the latest details about the ...

Video: iOS 7 bug gives everyone access to your photos, contact list and more
... experts at Lookout allows anyone to bypass PIN or passcode-protected lock screens and send emails, update statuses on social networks or access ...

AP NewsBreak: Feds OK Fla. access to citizens list
Florida could use law enforcement database to challenge people's right to vote if suspected of not being U.S.

Resources last updated: 3/28/2016 6:51:54 PM