Access-list Reporting


Post by MORRIS AJA » Mon, 21 Sep 1998 04:00:00



Does anyone have ideas about generating reports for access-lists on a
router? Reports such as addresses which are processed by the access-list
and the results such as forwarded or denied.

Any ideas would be much appreciated.

Regards
Ajay

 
 
 


Post by Tom Lawrenc » Mon, 21 Sep 1998 04:00:00


>Does anyone have ideas about generating reports for access-lists on a
>router. Reports such as addresses which are processed by the access-list
>and the results such as forwarded or denied.

Sure - using 10.3 or above, place the 'log' keyword after each line in your
access-list.  The router will then log any packet that matches that line of
the access-list.  You can then set the router up to log to a syslog host.
Be careful, though - usually people only log exceptions to a list (packets
that are denied), rather than log every packet.  Depending on how much
horsepower you have under the hood, you could put your router into a
graveyard spiral if you ask it to log every packet it processes.

Hope this helps

-Tom

 
 
 


Post by Kent Hundle » Tue, 22 Sep 1998 04:00:00


Use the keyword 'log' at the end of your ACL and use a syslog server. You
can then cut and paste from your syslog server into whatever format you wish.

Be aware that you could get a LOT of information depending on your ACL.

HTH,
Kent Hundley


>Does anyone have ideas about generating reports for access-lists on a
>router. Reports such as addresses which are processed by the access-list
>and the results such as forwarded or denied.

>Any ideas would be much appreciated.

>Regards
>Ajay

 
 
 


Post by Mike Dea » Wed, 23 Sep 1998 04:00:00


Adding the log option to any access-list line will log all packets that
match that line to your syslog server (assuming syslog is set up).

However, I do not know of any program that will parse a log file of ACL
lines and generate reports.  Also remember that you must put the log option
on any line that you wish to log; it is not a "global" option.

Mike


>Does anyone have ideas about generating reports for access-lists on a
>router. Reports such as addresses which are processed by the access-list
>and the results such as forwarded or denied.

>Any ideas would be much appreciated.

>Regards
>Ajay
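
An added example, not part of the original thread: one way to turn the syslog output of ACL lines carrying the `log` keyword into a per-address permitted/denied report. It assumes the `%SEC-6-IPACCESSLOG*` message format that IOS writes for such lines (the thread shows no log lines); the sample lines, addresses and the `acl_report` name are constructed for illustration. IOS reports the first matching packet and then periodic summaries, so the report sums the packet counts rather than counting lines.

```python
import re
from collections import Counter

# Assumed message shape (not shown in the thread):
#   %SEC-6-IPACCESSLOGx: list <acl> permitted|denied [proto] src[(port)] [-> dst[(port)]] ..., N packet(s)
ACL_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) "
    r"(?:(?P<proto>\S+) )?"                       # absent for standard ACLs
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?"
    r"(?: -> (?P<dst>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?)?"
    r".*?(?P<count>\d+) packets?\s*$"
)

# Constructed sample syslog lines (not taken from a real router).
SAMPLE = """\
Sep 21 04:00:01 gw 45: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(1234) -> 192.168.1.10(23), 1 packet
Sep 21 04:05:01 gw 46: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(1234) -> 192.168.1.10(23), 14 packets
Sep 21 04:05:09 gw 47: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.9.9.9 -> 192.168.1.1 (8/0), 1 packet
Sep 21 04:06:00 gw 48: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.1.1.7(53) -> 192.168.1.53(53), 3 packets
Sep 21 04:06:30 gw 49: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.2.2 1 packet
Sep 21 04:07:00 gw 50: %LINK-3-UPDOWN: Interface Serial0, changed state to up
""".splitlines()


def acl_report(lines):
    """Return (totals, unparsed); totals maps (acl, action, src, dst) to packets."""
    totals, unparsed = Counter(), []
    for line in lines:
        if "%SEC-6-IPACCESSLOG" not in line:
            continue  # not an ACL log message
        m = ACL_RE.search(line)
        if not m:
            unparsed.append(line)  # keep for review instead of dropping silently
            continue
        key = (m["acl"], m["action"], m["src"], m["dst"] or "-")
        totals[key] += int(m["count"])  # summary lines carry more than 1 packet
    return totals, unparsed


if __name__ == "__main__":
    totals, unparsed = acl_report(SAMPLE)
    for (acl, action, src, dst), pkts in sorted(totals.items()):
        print(f"list {acl:<4} {action:<9} {src:<15} -> {dst:<15} {pkts:>6} packets")
    print(f"{len(unparsed)} ACL log line(s) not parsed")
```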

 
 
 


Post by Lorens Kock » Thu, 24 Sep 1998 04:00:00




>However,  I do not know of any program that will parse a log file of ACL
>lines and generate reports.

Coming soon :-)  It's an incidental benefit of the "reading
access lists" announced on

http://www.solsoft.com/news/ciscoworks2000.html

Sorry, couldn't resist.

--
#include <std_disclaim.h>                          Lorens Kockum

 
 
 
