1 |
On Thursday 21 April 2011 06:55:41 Mick wrote: |
2 |
> On Wednesday 20 April 2011 16:56:15 Harry Putnam wrote: |
3 |
> > Mick <michaelkintzios@×××××.com> writes: |
4 |
> > > Do you get the same condensed format when you capture the logs in your |
5 |
> > > LAN syslog server? |
6 |
> > |
7 |
> > I did not try that, but is there some reason to expect a difference? |
8 |
> |
9 |
> No, it shouldn't - after all it is the same log file that you are |
10 |
> accessing, but wasn't sure if the gui condensed what's reported to fit it |
11 |
> in the screen. |
12 |
> |
13 |
> > I have channeled logs to Syslog running on gentoo with at least 2 |
14 |
> > different routers in the past and saw no difference in the logs. |
15 |
> > |
16 |
> > Do you notice a difference? |
17 |
> |
18 |
> I do not have a Cisco router to try it just now, but could you have a look |
19 |
> at how your access lists are defined? Extended ACLs *should* show ports, |
20 |
> as long as ports are used in permit/deny statements and asked to be |
21 |
> logged; e.g. |
22 |
> |
23 |
> access-list 102 permit tcp host 10.10.10.2 eq 0 any eq 0 log |
24 |
> |
25 |
> of course IOS versions may change things, but that's how I remember it |
26 |
> worked. |
27 |
|
28 |
Ah! Here's what I found: |
29 |
|
30 |
http://blog.ioshints.info/2007/06/port-number-not-shown-in-access-list.html |
31 |
-- |
32 |
Regards, |
33 |
Mick |