This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Log / mirror ACL's on Egress

Log / mirror ACL's on Egress

Anonymous
Not applicable

‎08-21-2015 08:03 AM

Have created an ACL policy and applied to a vlan on Egress. I know you can log to mirror-cpu on ingress but not egress, but I need away to find out what is causing problems.

My ACL is written in the format of permits and an explict deny at the end.

In order to stop my ACL killing service I have changed the explict deny at the end to a explict permit, and configured a count.

I can see the count racking up, which it shouldn't as I am really only denying on a security beach.

Any ideas?

Perhaps the only method is to run a packet capture and just workout what traffic I've missed, of course logging the deny's on the rule would be a lot easier by far.

Thanks in advance.
0 Kudos
2 REPLIES 2

Anonymous
Not applicable

‎08-24-2015 10:40 AM

Well it seems you can! My issue was that I needed the following command:

configure log filter DefaultFilter add event kern.card.infoinstead of:

configure log filter DefaultFilter add event kern.info

0 Kudos

Drew_C
Valued Contributor III
In response to Anonymous

‎08-24-2015 10:40 AM

Sounds like you figured this one out over the weekend. Thanks for coming back to update the post.
0 Kudos
GTM-P2G8KFN