
Logging with syslog for access-list violations ...


Adam Pearse

Sep 20, 1999, 3:00:00 AM
Hi all, I have configured our router to use the syslog services of our
local unix box. This is done in order to view violations on defined access
lists using the "log" option. My question is that I can not narrow the
output from "logging trap information" to give me just the information I
want. Let me give you an example of what I want.

Right now I get this ...
Sep 20 13:15:03 206.75.5.1 167: 01:39:03: %SEC-6-IPACCESSLOGP: list 101
denied tcp 111.111.111.111(4586) -> 205.188.247.65(80), 1 packet
Sep 20 13:15:17 206.75.5.1 169: 01:39:16: %FW-6-SESS_AUDIT_TRAIL: udp
session initiator (111.111.111.111:1207) sent 56 bytes -- responder
(205.188.153.97:4000) sent 46 bytes

What I really want to see is just the (SEC-6-IPACCESSLOGP) following
entries ...
Sep 20 13:15:03 206.75.5.1 167: 01:39:03: %SEC-6-IPACCESSLOGP: list 101
denied tcp 111.111.111.111(4586) -> 205.188.247.65(80), 1 packet


I would like to filter out all FW-6-SESS_AUDIT_TRAIL messages but I do not
know how. Can someone explain to me how to get just the SEC-6-IPACCESSLOGP
messages?
Tx

Dr Vincent C Jones PE

Sep 21, 1999, 3:00:00 AM
I think you're right that Cisco does not provide the granularity in the
IOS. Consider using grep on the syslog platform and rotating the raw
logs more frequently. Most versions of grep support the "-v" option
which deletes matching lines from the output, exactly what you want...

grep -v "FW-6-SESS_AUDIT_TRAIL" /var/log/ciscolog > ~/cleanLog

Vince

In article <01bf03a4$3d4623f0$68054bce@chl0100>,


--
Dr. Vincent C. Jones, PE Expert advice and a helping hand
Computer Network Consultant for those who want to manage and
Networking Unlimited, Inc. control their networking destiny
14 Dogwood Lane, Tenafly, NJ
http://www.networkingunlimited.com
VCJ...@NetworkingUnlimited.com +1 201 568-7810 Fax: +1 201 568-6626
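
The grep filtering suggested in the reply, turned into an allow-list on the syslog host and extended with a per-flow deny count, as an added example that is not part of the original posts. The function names are hypothetical, the sample log lines are constructed from the two message types quoted in the question, and each message is assumed to sit on a single line in the log file (the wrapping in the post comes from the news client).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample modelled on the two message types quoted in the question.
make_sample_log() {
    cat <<'EOF'
Sep 20 13:15:03 206.75.5.1 167: 01:39:03: %SEC-6-IPACCESSLOGP: list 101 denied tcp 111.111.111.111(4586) -> 205.188.247.65(80), 1 packet
Sep 20 13:15:17 206.75.5.1 169: 01:39:16: %FW-6-SESS_AUDIT_TRAIL: udp session initiator (111.111.111.111:1207) sent 56 bytes -- responder (205.188.153.97:4000) sent 46 bytes
Sep 20 13:20:03 206.75.5.1 171: 01:44:03: %SEC-6-IPACCESSLOGP: list 101 denied tcp 111.111.111.111(4590) -> 205.188.247.65(80), 4 packets
Sep 20 13:21:10 206.75.5.1 172: 01:45:10: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 111.111.111.111(4601) -> 205.188.247.65(443), 1 packet
Sep 20 13:22:00 206.75.5.1 173: 01:46:00: %SEC-6-IPACCESSLOGP: list 101 denied udp 111.111.111.111(1207) -> 205.188.153.97(4000), 2 packets
EOF
}

# Allow-list on the mnemonic: keeps only ACL hits, so any other message type
# the router starts sending is dropped too, not just FW-6-SESS_AUDIT_TRAIL.
acl_only() {
    grep -F '%SEC-6-IPACCESSLOGP:' "$1"
}

# Total denied packets per "list proto src -> dst(port)", busiest first.
acl_deny_summary() {
    acl_only "$1" | awk '
    {
        # Fields after the mnemonic come in a fixed order:
        # list <acl> <action> <proto> <src(port)> -> <dst(port)>, <n> packet(s)
        for (i = 1; i <= NF; i++) if ($i == "%SEC-6-IPACCESSLOGP:") break
        if (i > NF || $(i+3) != "denied") next
        src = $(i+5); sub(/\(.*/, "", src)   # source port is ephemeral, drop it
        dst = $(i+7); sub(/,$/, "", dst)     # strip the trailing comma
        count[$(i+2) " " $(i+4) " " src " -> " dst] += $(i+8)
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample_log > "$sample"
acl_deny_summary "$sample"
rm -f "$sample"
```

To use it on real data, pass the router's syslog file (`/var/log/ciscolog` in the reply above) to `acl_only` or `acl_deny_summary` in place of the sample.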
