*Mar 1 01:47:04.879: %SEC-6-IPACCESSLOGP: list DREAMCATCHER permitted tcp 10.1.1.3(0) -> 2.2.2.2(0), 3 packets
Dummy access list applied on the router:
ip access-list extended DREAMCATCHER
 permit ip any any log
As explained on ioshint.info - "unless a line in the IP ACL matches on the layer-4 port numbers, the router does not inspect them; the log action thus has no port number to show in the syslog printout."
I modified the access list to:
ip access-list extended DREAMCATCHER
 permit udp any gt 0 any gt 0 log
 permit tcp any gt 0 any gt 0 log
Voila! Let there be port numbers:
*Mar 1 02:09:53.403: %SEC-6-IPACCESSLOGP: list DREAMCATCHER permitted tcp 10.1.1.3(53147) -> 2.2.2.2(80), 1 packet