- acl deny & log
12-27-2010 05:30 AM
Recently I configured ACLs on two 6200yl switches with a "deny ip any any log" at the end. They work fine, except for the logging.
I cannot see any ACL log statement in any of the logging destinations (buffer, session and syslog server). I tried enabling other logs (vrrp, lldp, security) and every one of them reports messages.
I checked the statistics of the ACL deny and I have a lot of packets matching the deny rule...
Any ideas?
Thanks in advance.
12-27-2010 06:42 AM
Re: acl deny & log
You need to enable:
debug acl
Yes, even if it's an _explicit_ deny.
Check the section "Enable ACL 'Deny' Logging" of the manual for the other details (e.g. timers).
Regards,
Antonio
12-27-2010 06:56 AM
Re: acl deny & log
Thanks for the reply. Debugging was already enabled; here is the show debug:
UGFNAS091# sh debug
Debug Logging
Source IP Selection: Outgoing Interface
Destination:
Memory buffer
Enabled debug types:
acl log
I have tried the vrrp and lldp logs, and they work fine to the buffer, the syslog and the session too. Only the ACL log seems not to work.
In the manual a probable cause for that points to too many logs at the same time from different ACLs, but I'm sure that is not my case :D
01-03-2011 05:05 AM
Re: acl deny & log
With the K_15_02_000 firmware version, the logging of the ACL works correctly.
Ten points for me :)
01-03-2011 05:27 AM
Re: acl deny & log
0000:00:36:53.91 ACL mIpAclCtrl:01/03/11 14:11:03 : VLAN ACL 111 seq#999 denied 108 packets
0000:00:36:53.91 ACL mIpAclCtrl:01/03/11 14:11:03 : VLAN ACL 121 seq#999 denied 4 packets
0000:00:36:53.91 ACL mIpAclCtrl:01/03/11 14:11:03 : VLAN ACL 122 seq#999 denied 4 packets
0000:00:41:55.73 ACL mIpAclCtrl:01/03/11 14:16:05 : VLAN ACL 101 seq#999 denied 84 packets
0000:00:41:55.73 ACL mIpAclCtrl:01/03/11 14:16:05 : VLAN ACL 111 seq#999 denied 48 packets
0000:00:41:55.73 ACL mIpAclCtrl:01/03/11 14:16:05 : VLAN ACL 122 seq#999 denied 4 packets
0000:00:46:59.51 ACL mIpAclCtrl:01/03/11 14:21:09 : VLAN ACL 101 seq#999 denied 96 packets
0000:00:46:59.51 ACL mIpAclCtrl:01/03/11 14:21:09 : VLAN ACL 111 seq#999 denied
Does anyone know how I can see the detailed traffic with source/destination IP?
01-03-2011 05:53 AM
Re: acl deny & log
Strange. Try to start over and reconfigure logging from scratch:
logging syslog_ip
logging facility syslog
debug destination logging
debug destination session
debug acl
and lower the consolidation timer:
access-list logtimer 30
This SHOULD work; at least it works for me =)
Regards,
Antonio
01-03-2011 06:02 AM
I've read your post now =)
Nope, this is how "deny acl" logging works on ProCurve:
there is a wait timer before the switch sends the log to the destination; between intervals every match is "consolidated" as a hit count per ACL entry.
If you are trying to use logging as a (near) real-time source for SEM/SIEM correlation, anomaly detection, etc., you are out of luck, sorry.
Regards,
Antonio
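As an added example (not from the thread or from HP's own tooling), here is a small Python parser for the consolidated deny reports shown above: it totals hit counts per ACL entry and flags interval-to-interval spikes, which is about all the defender can get from these messages since they carry counts rather than source/destination addresses. It assumes each report is one line with the packet count appended; the last sample line is invented to produce a spike.

```python
import re
from collections import defaultdict
from datetime import datetime

# One consolidated report per ACL entry per logtimer interval, as in the thread.
LINE_RE = re.compile(
    r"^(?P<uptime>\d{4}:\d{2}:\d{2}:\d{2}\.\d{2}) ACL mIpAclCtrl:"
    r"(?P<stamp>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) : "
    r"VLAN ACL (?P<acl>\d+) seq#(?P<seq>\d+) denied (?P<count>\d+) packets$"
)

# Constructed sample: the first four lines are taken from the post (packet count
# joined back onto its line); the last one is invented to show a spike on ACL 111.
SAMPLE_LOG = """\
0000:00:36:53.91 ACL mIpAclCtrl:01/03/11 14:11:03 : VLAN ACL 111 seq#999 denied 108 packets
0000:00:41:55.73 ACL mIpAclCtrl:01/03/11 14:16:05 : VLAN ACL 101 seq#999 denied 84 packets
0000:00:41:55.73 ACL mIpAclCtrl:01/03/11 14:16:05 : VLAN ACL 111 seq#999 denied 48 packets
0000:00:46:59.51 ACL mIpAclCtrl:01/03/11 14:21:09 : VLAN ACL 101 seq#999 denied 96 packets
0000:00:46:59.51 ACL mIpAclCtrl:01/03/11 14:21:09 : VLAN ACL 111 seq#999 denied 2400 packets
"""


def parse(text):
    """One dict per matching line; non-matching lines (other debug output) are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"time": datetime.strptime(m["stamp"], "%m/%d/%y %H:%M:%S"),
                           "acl": int(m["acl"]), "seq": int(m["seq"]),
                           "count": int(m["count"])})
    return events


def totals_per_acl(events):
    """Denied packets per (acl, seq) entry summed over the whole excerpt."""
    totals = defaultdict(int)
    for e in events:
        totals[(e["acl"], e["seq"])] += e["count"]
    return dict(totals)


def spikes(events, factor=5):
    """Reports whose count exceeds factor x the previous report for the same entry (coarse, per interval)."""
    last, flagged = {}, []
    for e in sorted(events, key=lambda e: e["time"]):
        key = (e["acl"], e["seq"])
        prev = last.get(key)
        if prev and e["count"] > factor * prev:
            flagged.append((e["time"].strftime("%H:%M:%S"), e["acl"], prev, e["count"]))
        last[key] = e["count"]
    return flagged
```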
01-03-2011 07:52 AM
Re: acl deny & log
:-(
Thanks