Pages

Friday, June 28, 2013

Access list logs output not showing port numbers

Creating a dummy access list with logging enable and applying it on a interface for identifying the types of traffic tranversing the network is a quick and easy method. But it hit me that all the system message don't show the port numbers.

 *Mar 1 01:47:04.879: %SEC-6-IPACCESSLOGP: list DREAMCATCHER permitted tcp 10.1.1.3(0) -> 2.2.2.2(0), 3 packets

Dummy access list applied on the router :
ip access-list extended DREAMCATCHER
 permit ip any any log

As explained on ioshint.info - "unless a line in the IP ACL matches on the layer-4 port numbers, the router does not inspect them; the log action thus has no port number to show in the syslog printout."

I modified the access list to :
ip access-list extended DREAMCATCHER
 permit udp any gt 0 any gt 0 log
 permit tcp any gt 0 any gt 0 log

Voila! may there be port numbers

*Mar 1 02:09:53.403: %SEC-6-IPACCESSLOGP: list DREAMCATCHER permitted tcp 10.1.1.3(53147) -> 2.2.2.2(80), 1 packet

No comments:

Post a Comment