From: Roberts, Larry (Larry.Roberts@expanets.com)
Date: Wed Aug 27 2003 - 00:02:33 GMT-3
Don't know why, but change your access-list to this:
Access-list 150 permit tcp host 1.1.1.1 host 1.2.2.2 gt 1 log
And you should see the ports now.
I suspect that it's because your ACL doesn't require inspection of the port
in use, therefore it's not logged, but once again, I'm just guessing.
Thanks
Larry
-----Original Message-----
From: Danny.Andaluz@triaton-na.com [mailto:Danny.Andaluz@triaton-na.com]
Sent: Tuesday, August 26, 2003 10:36 AM
To: ccielab@groupstudy.com
Subject: Access-list logging question
Hello, Group.
I'm logging all tcp traffic from the below host to the below destination. I
have seen in some routers where the log entry shows you the source and
destination ports, but the log entry below shows 0. Here's what the
access-list looks like:
access-list 150 permit tcp host 1.1.1.1 host 1.2.2.2 log
Aug 26 11:17:27: %SEC-6-IPACCESSLOGP: list 150 permitted tcp 1.1.1.1(0) -> 1.2.2.2(0), 20 packets
I thought it might be the application that was hiding the ports, but telnet
(23) from the same source/dest pair doesn't show up either. I see the hits
on the list, but not the ports in the log entry. I also thought it might be
some service turned off on the router, but nothing jumped out at me. I'm
stumped. Is there a specific reason this is happening?
Thanks,
Danny
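Added example, not part of either message: a small Python audit that finds tcp/udp ACL entries that log but match on no port, and picks out IPACCESSLOGP messages reporting port 0 on both sides. It assumes the behaviour suggested in the reply (ports are only logged when the entry matches on them); the function names and the second log line are constructed for illustration.

```python
import re

# Operators that make an extended ACL entry match on layer-4 ports.
PORT_OPS = {"eq", "gt", "lt", "neq", "range"}
ACE_RE = re.compile(
    r"^access-list\s+(\d+)\s+(?:permit|deny)\s+(?:tcp|udp)\s+(.*)$", re.I)
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (\S+) (permitted|denied) (\w+) "
    r"(\S+)\((\d+)\) -> (\S+)\((\d+)\), (\d+) packets?")

def entries_logging_without_ports(config_lines):
    """Return (acl, entry) for tcp/udp entries that log but match on no port."""
    found = []
    for raw in config_lines:
        m = ACE_RE.match(raw.strip())
        if not m:
            continue
        tokens = set(m.group(2).lower().split())
        if tokens & {"log", "log-input"} and not tokens & PORT_OPS:
            found.append((m.group(1), raw.strip()))
    return found

def parse_log(line):
    """Parse one IPACCESSLOGP message; return None for any other line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    acl, action, proto, src, sport, dst, dport, count = m.groups()
    return {"acl": acl, "action": action, "proto": proto, "src": src,
            "sport": int(sport), "dst": dst, "dport": int(dport),
            "packets": int(count)}

def portless_hits(log_lines):
    """Return parsed entries whose source and destination ports are both 0."""
    parsed = (parse_log(line) for line in log_lines)
    return [p for p in parsed if p and p["sport"] == 0 and p["dport"] == 0]

# The two ACL entries from the thread, side by side for comparison.
CONFIG = ["access-list 150 permit tcp host 1.1.1.1 host 1.2.2.2 log",
          "access-list 150 permit tcp host 1.1.1.1 host 1.2.2.2 gt 1 log"]
# First line is the message quoted in the thread; the second is constructed.
LOGS = ["Aug 26 11:17:27: %SEC-6-IPACCESSLOGP: list 150 permitted tcp 1.1.1.1(0) -> 1.2.2.2(0), 20 packets",
        "Aug 26 11:20:01: %SEC-6-IPACCESSLOGP: list 150 permitted tcp 1.1.1.1(1045) -> 1.2.2.2(23), 1 packet"]

if __name__ == "__main__":
    for acl, entry in entries_logging_without_ports(CONFIG):
        print(f"ACL {acl} logs without a port match: {entry}")
    for hit in portless_hits(LOGS):
        print(f"ACL {hit['acl']}: {hit['packets']} packets logged with port 0")
```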
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:07 GMT-3