RE: Access-list logging question

From: Danny.Andaluz@triaton-na.com
Date: Wed Aug 27 2003 - 00:28:12 GMT-3


Thanks, Larry. I'll try that.

-----Original Message-----
From: Roberts, Larry [mailto:Larry.Roberts@expanets.com]
Sent: Tuesday, August 26, 2003 11:03 PM
To: Andaluz, Danilo, Triaton/NA; ccielab@groupstudy.com
Subject: RE: Access-list logging question

Don't know why, but change your access-list to this:

Access-list 150 permit tcp host 1.1.1.1 host 1.2.2.2 gt 1 log

And you should see the ports now.

I suspect that it's because your ACL doesn't require inspection of the port in use, therefore it's not logged, but once again, I'm just guessing.

Thanks

Larry

-----Original Message-----
From: Danny.Andaluz@triaton-na.com [mailto:Danny.Andaluz@triaton-na.com]
Sent: Tuesday, August 26, 2003 10:36 AM
To: ccielab@groupstudy.com
Subject: Access-list logging question

Hello, Group.
 
I'm logging all tcp traffic from the below host to the below destination. I have seen in some routers where the log entry shows you the source and destination ports, but the log entry below shows 0. Here's what the access-list looks like:
 
access-list 150 permit tcp host 1.1.1.1 host 1.2.2.2 log
 
Aug 26 11:17:27: %SEC-6-IPACCESSLOGP: list 150 permitted tcp 1.1.1.1(0) -> 1.2.2.2(0), 20 packets
 
I thought it might be the application that was hiding the ports, but telnet (23) from the same source/dest pair doesn't show up either. I see the hits on the list, but not the ports in the log entry. I also thought it might be some service turned off on the router, but nothing jumped out at me. I'm stumped. Is there a specific reason this is happening?
 
Thanks,
Danny
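
The following Python example is added here and is not from the thread's posters. It parses the %SEC-6-IPACCESSLOGP format shown above, flags entries logged with port 0 on both sides, and pairs them with logged tcp/udp ACEs that carry no port operator, which is the difference between the two ACEs in the thread. ACL 151 and the second log line are constructed sample data, and the function names are hypothetical.

```python
import re

# Matches the %SEC-6-IPACCESSLOGP line format quoted in the thread.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
PORT_OPS = {"eq", "neq", "gt", "lt", "range"}  # IOS port-match operators

def parse_log(line):
    """Return the fields of one IPACCESSLOGP entry, or None if no match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    entry = m.groupdict()
    for key in ("sport", "dport", "count"):
        entry[key] = int(entry[key])
    return entry

def ace_lacks_port_match(ace):
    """True for a numbered tcp/udp ACE that logs but has no port operator."""
    tok = ace.lower().split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[3] not in ("tcp", "udp"):
        return False
    if not {"log", "log-input"} & set(tok):
        return False
    return not PORT_OPS & set(tok)

def audit(config_lines, log_lines):
    """Pair each zero-port log entry with the port-less ACEs of its ACL."""
    weak = {}
    for ace in config_lines:
        if ace_lacks_port_match(ace):
            weak.setdefault(ace.split()[1], []).append(ace.strip())
    findings = []
    for line in log_lines:
        e = parse_log(line)
        if e and e["sport"] == 0 and e["dport"] == 0:
            findings.append((e["acl"], e["count"], weak.get(e["acl"], [])))
    return findings

CONFIG = [
    "access-list 150 permit tcp host 1.1.1.1 host 1.2.2.2 log",       # from the thread
    "access-list 151 permit tcp host 1.1.1.1 host 1.2.2.2 gt 1 log",  # constructed: suggested form under another number
]
LOGS = [
    "Aug 26 11:17:27: %SEC-6-IPACCESSLOGP: list 150 permitted tcp 1.1.1.1(0) -> 1.2.2.2(0), 20 packets",  # from the thread
    "Aug 26 11:20:02: %SEC-6-IPACCESSLOGP: list 151 permitted tcp 1.1.1.1(1045) -> 1.2.2.2(23), 1 packet",  # constructed
]

if __name__ == "__main__":
    for acl, count, aces in audit(CONFIG, LOGS):
        print(f"list {acl}: {count} packets logged without ports; ACEs: {aces}")
```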


