RE: FW: show logg

From: Jens Petter Eikeland (jenseike@start.no)
Date: Thu Feb 16 2006 - 04:22:49 GMT-3

• Next message: Popgeorgiev Nikolay: "RE: Permitting odd and even routes??"
• Previous message: Daniel O'Sheedy: "Re: Permitting odd and even routes??"
• Maybe in reply to: Jens Petter Eikeland: "FW: show logg"
• Next in thread: Jens Petter Eikeland: "Re: FW: show logg"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Tim...

This is one of my logs :
40w5d: %SEC-6-IPACCESSLOGNP: list 91 permitted 0 0.0.0.0 -> XXX.XXX.236.30,
250 packets

The access--list 91 is like this :

Standard IP access list 91 (Compiled)
    10 permit XXX.XXX.32.14 log (20 matches)
    20 permit XXX.XXX.235.128, wildcard bits 0.0.0.3 log (8825970 matches)
    30 permit XXX.XXX.236.28, wildcard bits 0.0.0.3 log (1416122 matches)
    40 permit XXX.XXX.238.8, wildcard bits 0.0.0.3 log

So if your guess is correct, this is a break of my acl??... Since there are
no access-list 91 permit any XXX.XXX.236.30 in access-list 91..

Anybody that knows this for sure?

JP

-----Original Message-----
From: Tim [mailto:ccie2be@nyc.rr.com]
Sent: 16. februar 2006 00:32
To: 'Jens Petter Eikeland'; 'Venkatesh Palani'
Cc: ccielab@groupstudy.com
Subject: RE: FW: show logg

Jens,

My guess and I emphasize that it's only a guess is that 0.0.0.0 probably
means "any" as in permit from any to x.x.x.x

Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jens
Petter Eikeland
Sent: Wednesday, February 15, 2006 9:54 AM
To: 'Venkatesh Palani'
Cc: ccielab@groupstudy.com
Subject: RE: FW: show logg

Yes, I know that it is matching a specific access-list, that was really
cleare... what I was wandering is the "0.0.0.0" output in the line.. what
Does that mean.. I just wanted to make sure this is nothing I need to be
Aware of

jp

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Venkatesh Palani
Sent: 15. februar 2006 15:35
To: Jens Petter Eikeland
Cc: ccielab@groupstudy.com
Subject: Re: FW: show logg

*from O/p Interpretor*
**
*ERROR MESSAGE NOTIFICATIONS (if any)*

*%SEC-6-IPACCESSLOGNP (x1)*: list [chars] [chars] [dec] [IP_address]
[chars]->
[IP_address], [dec] packet[chars]

*Explanation:* A packet matching the log criteria for the given access list
has
been detected.

*Recommended Action:* No action is required.

HTH,
Venkatesh

On 2/16/06, Jens Petter Eikeland <jenseike@start.no> wrote:
>
> What does this log output mean ?
>
> 40w5d: %SEC-6-IPACCESSLOGNP: list 91 permitted 0 0.0.0.0 -> 150.100.1.1,
> 250
> packets
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Popgeorgiev Nikolay: "RE: Permitting odd and even routes??"
• Previous message: Daniel O'Sheedy: "Re: Permitting odd and even routes??"
• Maybe in reply to: Jens Petter Eikeland: "FW: show logg"
• Next in thread: Jens Petter Eikeland: "Re: FW: show logg"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Mar 01 2006 - 11:28:18 GMT-3