Logging messages about packets permitted or denied by an IP access list is also available in Cisco IOS. Logging-enabled ACLs provide insight into traffic as it traverses the network or is dropped by network devices. Any packet that matches the access list will cause an informational logging message about the packet to be sent to the console.
You can monitor how many packets are being permitted or denied by a particular access list, including the source address of each packet.
To enable logging to all enabled destinations, configure the following:
logging on
Configure the host to which syslog messages will be sent:
logging 10.0.0.1
where 10.0.0.1 is the IP address of your log server (configured as a Syslog server).
Add the log keyword to the access list entries you want logged:
access-list 1 permit 1.2.0.0 0.0.255.255 log
access-list 1 deny 1.3.0.0 0.0.255.255 log
To see the log generated, simply execute:
show log
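The following Python script is an added example, not part of the original post. It tallies permitted and denied packets per source address from the %SEC-6-IPACCESSLOGS messages that a log-enabled standard access list sends to the syslog server; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format IOS uses for standard (numbered) ACL
# log messages, %SEC-6-IPACCESSLOGS. Timestamps and addresses are made up.
SAMPLE_LOG = """\
*Mar  1 00:10:02.123: %SEC-6-IPACCESSLOGS: list 1 permitted 1.2.3.4 1 packet
*Mar  1 00:10:05.456: %SEC-6-IPACCESSLOGS: list 1 denied 1.3.0.5 1 packet
*Mar  1 00:15:05.789: %SEC-6-IPACCESSLOGS: list 1 denied 1.3.0.5 27 packets
*Mar  1 00:15:09.001: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:16:40.250: %SEC-6-IPACCESSLOGS: list 1 permitted 1.2.9.9 3 packets
*Mar  1 00:17:12.999: %SEC-6-IPACCESSLOGS: list 1 denied 1.3.7.7 2 packets
"""

ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<count>\d+) packets?"
)


def summarize(log_text):
    """Return {(acl, action, source): total packets} for ACL log lines."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        m = ACL_LOG_RE.search(line)
        if m is None:
            continue  # some other syslog message, not an ACL hit
        # Assumption: each message reports the packets seen since the
        # previous message for that source, so the counts are summed.
        totals[(m["acl"], m["action"], m["src"])] += int(m["count"])
    return dict(totals)


def top_denied(totals, acl, limit=5):
    """Return [(source, packets)] denied by one access list, busiest first."""
    denied = [
        (src, count)
        for (name, action, src), count in totals.items()
        if name == acl and action == "denied"
    ]
    return sorted(denied, key=lambda item: (-item[1], item[0]))[:limit]


if __name__ == "__main__":
    totals = summarize(SAMPLE_LOG)
    for (acl, action, src), count in sorted(totals.items()):
        print(f"list {acl:<4} {action:<9} {src:<15} {count} packets")
    print("Top denied sources for list 1:", top_denied(totals, "1"))
```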