Log / mirror ACLs on Egress


Userlevel 5
I have created an ACL policy and applied it to a VLAN on egress. I know you can log to mirror-cpu on ingress but not egress, but I need a way to find out what is causing problems.

My ACL is written in the format of permits and an explicit deny at the end.

In order to stop my ACL killing service, I have changed the explicit deny at the end to an explicit permit and configured a count.

I can see the count racking up, which it shouldn't, as I am really only denying on a security breach.

Any ideas?

Perhaps the only method is to run a packet capture and just work out what traffic I've missed; of course, logging the denies on the rule would be a lot easier.

Thanks in advance.

2 replies

Userlevel 5
Well it seems you can! My issue was that I needed the following command:

configure log filter DefaultFilter add event kern.card.info

instead of:

configure log filter DefaultFilter add event kern.info
Userlevel 7
Martin Flammia wrote:

Well it seems you can! My issue was that I needed the following command:

configure log filter DefaultFilter add event kern.card.info

instead of:

configure log filter DefaultFilter add event kern.info

Sounds like you figured this one out over the weekend. Thanks for coming back to update the post.

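To tie the thread together, here is an added worked example (not posted by anyone in the thread) of an EXOS-style egress ACL policy that keeps the explicit deny in place while still producing evidence of what it drops, plus the log filter fix from the reply above. The policy name `egress_filter`, the VLAN name `Servers`, the counter names and the permitted port are assumptions chosen for illustration; the command syntax follows the EXOS conventions used in the thread.

```text
# egress_filter.pol  (hypothetical policy file; names are illustrative)
# Permits first, explicit catch-all deny last, as in the original post.
entry allow_https {
    if {
        protocol tcp;
        destination-port 443;
    } then {
        permit;
        count allow_https_hits;    # shows which permit entries are actually matching
    }
}
entry deny_rest {
    if {
        # empty match block = matches everything not handled above
    } then {
        deny;
        log;                       # emit an EMS message for each denied packet
        count deny_rest_hits;      # keep a counter so you can see drops even if log filtering is wrong
    }
}

# CLI steps (EXOS shell, assumed VLAN name "Servers"):
check policy egress_filter
configure access-list egress_filter vlan Servers egress

# The fix from the reply: ACL log messages fall under kern.card, not plain kern,
# so the default filter must include that component at info severity.
configure log filter DefaultFilter add event kern.card.info

# Verify: counters show hits per entry, and the log now shows the denied flows.
show access-list counter vlan Servers egress
show log
```

Two practical notes: keep the `count` action even once logging works, because the counters tell you immediately whether traffic is hitting the deny entry without depending on the log filter being correct, and treat `log` on a catch-all deny as a troubleshooting setting rather than a permanent one, since every dropped packet generates a log event. After editing the policy file, rerun `check policy` and refresh the policy before trusting the counters again.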