01-24-2013 03:54 AM
ACL deny logging on a 5406zl
We've set up a Procurve 5406zl with recent firmware (OS: K.15.08.0013, BootROM: K.15.28) and are playing with acl logging.
Our logging setup is as follows:
Debug Logging
  Source IP Selection: 192.168.0.254
  Destination:
    Logging -- 192.168.1.43 loghost
  Protocol = UDP
  Port = 514
  Facility = syslog
  Severity = debug
  System Module = all-pass
  Priority Desc =
  Enabled debug types:
    event
    acl log
This seems to log properly to our syslog server.
We have several ACLs, each of which has more than one deny ACE with 'log' set. When these are matched, we see the following in our logs:
Jan 24 11:46:51 192.168.0.254 ACL: ACL mClistCtrl:01/24/13 11:46:51 : Router ACL external-input seq#25 denied 1748 packets
Jan 24 11:46:51 192.168.0.254 ACL: ACL mClistCtrl:01/24/13 11:46:51 : Router ACL external-output seq#18 denied 2 packets
These come in around every 5 minutes as a 'summary' - but we'd like to get more info on these matches.
We can obviously look at the ACE from the seq# number to see which rule matched, but we'd like to get more information on what the packet was that triggered the match (source/target address, port etc).
Are we missing something in our setup that means we're not seeing this information? Or is this just how these devices log? Is there any way we can improve on the level of information logged?
Thanks!
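The 5-minute summary lines quoted above carry the ACL name, the ACE seq# and a packet count, which is enough to trend and alert on at the syslog server even without per-packet detail. The following is an added example (not from the original post or from HPE) that parses those lines, totals denies per ACE and flags ACEs whose deny rate in a single summary crosses a threshold; the regex and the 300 s summary interval are assumptions based on the two lines shown.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Pattern built from the summary line quoted in the post:
# "<syslog ts> <switch> ACL: ACL mClistCtrl:<switch ts> : Router ACL <name> seq#<n> denied <count> packets"
SUMMARY_RE = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<switch>\S+) "
    r"ACL: ACL mClistCtrl:\S+ \S+ : (?P<kind>\S+) ACL (?P<acl>\S+) "
    r"seq#(?P<seq>\d+) denied (?P<count>\d+) packets$"
)
SUMMARY_INTERVAL_S = 300  # assumption: one summary per ACE roughly every 5 minutes, as the post observes

@dataclass(frozen=True)
class AclDeny:
    switch: str
    acl: str
    seq: int
    count: int

def parse_summary(line):
    """Parse one ProVision ACL deny summary line; return None for anything else."""
    m = SUMMARY_RE.match(line.strip())
    if not m:
        return None
    return AclDeny(m["switch"], m["acl"], int(m["seq"]), int(m["count"]))

def aggregate(lines):
    """Total denied packets per (switch, acl, seq#) across every summary seen."""
    totals = defaultdict(int)
    for hit in filter(None, map(parse_summary, lines)):
        totals[(hit.switch, hit.acl, hit.seq)] += hit.count
    return dict(totals)

def hot_entries(lines, pps_threshold=1.0):
    """ACEs whose deny rate in any single summary (count / 300 s) exceeds pps_threshold.
    A jump on one seq# is the cue to mirror the port and capture the actual packets."""
    hits = filter(None, map(parse_summary, lines))
    return sorted({(h.acl, h.seq) for h in hits if h.count / SUMMARY_INTERVAL_S > pps_threshold})

# Constructed sample input in the format quoted above (not real traffic).
SAMPLE = [
    "Jan 24 11:46:51 192.168.0.254 ACL: ACL mClistCtrl:01/24/13 11:46:51 : Router ACL external-input seq#25 denied 1748 packets",
    "Jan 24 11:46:51 192.168.0.254 ACL: ACL mClistCtrl:01/24/13 11:46:51 : Router ACL external-output seq#18 denied 2 packets",
    "Jan 24 11:51:51 192.168.0.254 ACL: ACL mClistCtrl:01/24/13 11:51:51 : Router ACL external-input seq#25 denied 902 packets",
    "Jan 24 11:51:52 192.168.0.254 ACL: some unrelated line",
]

if __name__ == "__main__":
    print(aggregate(SAMPLE), hot_entries(SAMPLE))
```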
01-26-2013 05:39 AM
Re: ACL deny logging on a 5406zl
Hi,
ProVision is quite limited on the acl debugging, this is because it is a hardware process on the ASIC and any logging/debugging must pass the CPU SW of the switch, which is easily overloaded (hence the 5 minute summaries to protect the CPU).
Not sure if you would get more output, but you can try:
debug destination logging
debug acl
Otherwise, I would simply activate a port mirror and use the good old wireshark.
Best regards,
Peter