ACL log identifiers

When Access Control List logging is activated on your Cisco device, you will see log entries like these in syslog:

Jun 14 09:49:13 RTR-1 41716: Jun 14 09:49:12.148 MEZ: %SEC-6-IPACCESSLOGP: list 120 denied udp x.x.x.x(1670) -> x.x.x.x(4808), 1 packet
Jun 16 22:14:09 RTR-1 42271: Jun 16 22:14:08.847 MEZ: %SEC-6-IPACCESSLOGDP: list 125 denied icmp x.x.x.x -> x.x.x.x (0/0), 1 packet
.
.

As you can see, there are different syslog identifiers (the %SEC-6-IPACCESSLOG... token in each line) depending on the packet being reported.

Here’s a table with valid identifiers:

| Identifier | v4/v6 | Protocols |
|---|---|---|
| %SEC-6-IPACCESSLOGP | IPv4 | TCP (6) and UDP (17) |
| %SEC-6-IPACCESSLOGSP | IPv4 | IGMP (2) |
| %SEC-6-IPACCESSLOGRP | IPv4 | IPinIP (4), GRE (47), EIGRP (88), OSPF (89), NOSIP (94), and PIM (103) |
| %SEC-6-IPACCESSLOGDP | IPv4 | ICMP (1) |
| %SEC-6-IPACCESSLOGNP | IPv4 | Used for all other IPv4 protocols |
| %IPV6-6-ACCESSLOGP | IPv6 | TCP (6), UDP (17), and SCTP (132) |
| %IPV6-6-ACCESSLOGSP | IPv6 | TCP (6), UDP (17), SCTP (132), and ICMPv6 (58) with unknown Layer 4 information |
| %IPV6-6-ACCESSLOGDP | IPv6 | ICMPv6 (58) |
| %IPV6-6-ACCESSLOGNP | IPv6 | Used for all other IPv6 protocols |

(Information taken from Cisco website)
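
To use the identifiers when triaging ACL hits, the following added example (not from the original post or from Cisco) classifies a syslog line by identifier and parses the two body layouts shown in the sample lines above. The function names are hypothetical, the body patterns are inferred only from those two samples, and the sample addresses are constructed documentation addresses.

```python
import re
from collections import Counter
IDENTIFIERS = {  # identifier -> (IP version, protocols), from the table above
    "%SEC-6-IPACCESSLOGP": ("IPv4", "TCP, UDP"),
    "%SEC-6-IPACCESSLOGSP": ("IPv4", "IGMP"),
    "%SEC-6-IPACCESSLOGRP": ("IPv4", "IPinIP, GRE, EIGRP, OSPF, NOSIP, PIM"),
    "%SEC-6-IPACCESSLOGDP": ("IPv4", "ICMP"),
    "%SEC-6-IPACCESSLOGNP": ("IPv4", "other"),
    "%IPV6-6-ACCESSLOGP": ("IPv6", "TCP, UDP, SCTP"),
    "%IPV6-6-ACCESSLOGSP": ("IPv6", "TCP, UDP, SCTP, ICMPv6 (unknown L4)"),
    "%IPV6-6-ACCESSLOGDP": ("IPv6", "ICMPv6"),
    "%IPV6-6-ACCESSLOGNP": ("IPv6", "other"),
}
ID_RE = re.compile(r"(%(?:SEC-6-IP|IPV6-6-)ACCESSLOG[A-Z]{1,2}): (.*)$")
HEAD = r"list (\S+) (\w+) (\S+) "  # body layouts inferred from this page's two samples
PORTS_RE = re.compile(HEAD + r"(\S+)\((\d+)\) -> (\S+)\((\d+)\), (\d+) packets?")
ICMP_RE = re.compile(HEAD + r"(\S+) -> (\S+) \((\d+)/(\d+)\), (\d+) packets?")
INT_KEYS = {"src_port", "dst_port", "icmp_type", "icmp_code", "packets"}

def parse_acl_line(line):
    """Return a dict for an ACL log line, or None for any other syslog line."""
    m = ID_RE.search(line)
    if not m or m.group(1) not in IDENTIFIERS:
        return None
    ident, body = m.groups()
    rec = dict(zip(("ip_version", "table_protocols"), IDENTIFIERS[ident]), identifier=ident)
    if ident == "%SEC-6-IPACCESSLOGP" and (b := PORTS_RE.match(body)):
        keys = ("acl", "action", "protocol", "src", "src_port", "dst", "dst_port", "packets")
    elif ident == "%SEC-6-IPACCESSLOGDP" and (b := ICMP_RE.match(body)):
        keys = ("acl", "action", "protocol", "src", "dst", "icmp_type", "icmp_code", "packets")
    else:
        return rec  # known identifier, but a body layout this page does not show
    rec.update((k, int(v) if k in INT_KEYS else v) for k, v in zip(keys, b.groups()))
    return rec

def summarize(lines):
    """Sum packet counts per (acl, action, protocol) over the parsed lines."""
    totals = Counter()
    for r in filter(lambda r: r and "acl" in r, map(parse_acl_line, lines)):
        totals[r["acl"], r["action"], r["protocol"]] += r["packets"]
    return totals

# Constructed sample input: the page's layout with documentation addresses.
SAMPLE = [
    "Jun 14 09:49:13 RTR-1 41716: Jun 14 09:49:12.148 MEZ: %SEC-6-IPACCESSLOGP: list 120 denied udp 192.0.2.10(1670) -> 198.51.100.5(4808), 1 packet",
    "Jun 16 22:14:09 RTR-1 42271: Jun 16 22:14:08.847 MEZ: %SEC-6-IPACCESSLOGDP: list 125 denied icmp 192.0.2.10 -> 198.51.100.5 (0/0), 1 packet",
    "Jun 16 22:15:00 RTR-1 42272: Jun 16 22:14:59.101 MEZ: %SEC-6-IPACCESSLOGP: list 120 denied udp 192.0.2.10(1671) -> 198.51.100.5(4808), 3 packets",
]
```

Lines with an identifier from the table but a body layout not shown on this page come back with only the identifier classification, so they can be counted without guessing at their fields.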
