Dear all,

1) I was trying to log an access-list counter to the syslog server, so I typed


router(config)#access-list 100 tcp any any eq www log
but it doesn't delete the original access-list and it creates two entries, one
with log behind and one without.

But when I delete the entry 
router(config)#no access-list 100 tcp any any eq www log
it deletes ALL my access-list 100 entries !!! Why..??? Then how do I delete only
one entry?

access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq www log
access-list 100 permit tcp any eq www any
access-list 100 permit tcp any any eq 5100
access-list 100 permit tcp any eq 5100 any
access-list 100 permit udp any any eq domain
access-list 100 permit udp any eq domain any
access-list 100 permit tcp any eq 3000 any
access-list 100 permit udp any eq 3000 any
access-list 100 permit tcp any any eq 3000
access-list 100 permit udp any any eq 3000
access-list 100 permit tcp any any eq 4040
access-list 100 permit tcp any any eq 6080
access-list 100 permit tcp any any range 8194 8294
access-list 100 permit udp any any range 48129 48192 log
access-list 100 permit udp any eq 6080 any
access-list 100 permit udp any eq 4040 any

2)(OPTIONAL)
After I log the access-list counter to the syslog server, I found that the file
in the syslog is very big; there are too many entries in the file, and 1
packet will create one entry, like

Feb  2 15:50:22 57.198.165.240 5343: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.171(48130) -> 192.168.3.149(48130), 1 packet
Feb  2 15:50:33 57.198.165.240 5344: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.173(48130) -> 192.168.3.133(48130), 1 packet
Feb  2 15:50:43 57.198.165.240 5345: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.173(48130) -> 192.168.3.153(48130), 1 packet
Feb  2 15:51:13 57.198.165.240 5346: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.173(48130) -> 192.168.3.112(48130), 1 packet
Feb  2 15:51:23 57.198.165.240 5347: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.173(48130) -> 192.168.3.140(48130), 1 packet
Feb  2 15:51:33 57.198.165.240 5348: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.23(48129) -> 192.168.3.139(48129), 1 packet

How to log it as a summary like

RBFW2514#sh access-list
Standard IP access list 1
    permit any
Extended IP access list 100
    permit tcp host 199.105.182.86 eq 8292 host 192.168.3.133 eq 8277 (32930 matches)
    permit udp host 199.105.182.173 eq 48130 host 192.168.3.134 eq 48130 (389 matches)
    permit tcp host 199.105.182.86 eq 8292 host 192.168.3.169 eq 8277 (11972 matches)
    permit udp host 199.105.182.23 eq 48129 host 192.168.3.115 eq 48129 (2 matches)
    permit tcp host 199.105.182.189 eq 8194 host 192.168.3.119 eq 8198 (8603 matches)
    permit tcp host 199.105.182.189 eq 8194 host 192.168.3.133 eq 8197 (15343 matches)
    permit tcp host 199.105.182.190 eq 8194 host 192.168.3.119 eq 8201 (8365 matches)

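A syslog-side way to produce the per-flow summary asked about in 2), as an added example that is not part of the original post: it parses %SEC-6-IPACCESSLOGP lines from the syslog file and totals the packet counts per flow. The sample lines are constructed from the log excerpt in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Message body of an IOS %SEC-6-IPACCESSLOGP entry, as shown in the post.
LOGP = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

# Constructed sample: three lines from the post, one constructed repeat of a
# flow with a multi-packet count, and one constructed unrelated syslog line.
SAMPLE = """\
Feb  2 15:50:22 57.198.165.240 5343: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.171(48130) -> 192.168.3.149(48130), 1 packet
Feb  2 15:50:33 57.198.165.240 5344: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.173(48130) -> 192.168.3.133(48130), 1 packet
Feb  2 15:51:33 57.198.165.240 5348: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.23(48129) -> 192.168.3.139(48129), 1 packet
Feb  2 15:55:33 57.198.165.240 5350: 16w4d: %SEC-6-IPACCESSLOGP: list 100 permitted udp 199.105.182.173(48130) -> 192.168.3.133(48130), 4 packets
Feb  2 15:56:00 57.198.165.240 5351: 16w4d: %SYS-5-CONFIG_I: Configured from console by console
"""

def summarize(lines):
    """Return {acl_number: Counter({flow_text: total_packets})}."""
    summary = {}
    for line in lines:
        m = LOGP.search(line)
        if not m:
            continue  # not an ACL log entry; ignore it
        verb = "permit" if m["action"] == "permitted" else "deny"
        flow = (f"{verb} {m['proto']} host {m['src']} eq {m['sport']} "
                f"host {m['dst']} eq {m['dport']}")
        summary.setdefault(m["acl"], Counter())[flow] += int(m["pkts"])
    return summary

def render(summary):
    """Format the totals in the style of 'show access-list' output."""
    out = []
    for acl, flows in sorted(summary.items()):
        out.append(f"Extended IP access list {acl}")
        for flow, pkts in flows.most_common():  # busiest flows first
            out.append(f"    {flow} ({pkts} matches)")
    return "\n".join(out)

if __name__ == "__main__":
    print(render(summarize(SAMPLE.splitlines())))
```

The totals only cover packets that were logged, so they reflect the entries carrying the log keyword, not the whole access list.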