Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1258
  • Last Modified:

Cisco Logging Problem

I am trying to log everything on my cisco 3560 but i have 2 problems

1. Cisco does not send all logs to kiwi server for ex.
      10 permit ip any any log (958894 matches)
it shows 958894 log but kiwi get only 500

2. Cisco log every call as come to 0 port as given below why it does not get port numbers correctly
*Mar 23 12:50:41.453: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.243.90.98(0) -> 77.223.156.230(0), 1 packet
*Mar 23 12:50:42.460: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.9.226.13(0) -> 77.223.156.213(0), 1 packet
*Mar 23 12:50:43.467: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.235.182.182(0) -> 77.223.156.200(0), 1 packet
*Mar 23 12:50:44.557: %SEC-6-IPACCESSLOGP: list 101 permitted udp 124.90.130.184(0) -> 77.223.156.156(0), 1 packet
*Mar 23 12:50:45.564: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.235.182.182(0) -> 77.223.156.200(0), 1 packet
*Mar 23 12:50:46.570: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 62.53.241.2(0) -> 77.223.156.159(0), 1 packet
*Mar 23 12:50:47.577: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.7.64.211(0) -> 77.223.156.4(0), 1 packet
*Mar 23 12:50:48.584: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.243.161.195(0) -> 77.223.156.197(0), 1 packet
*Mar 23 12:50:49.590: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.252.102.3(0) -> 77.223.156.194(0), 1 packet
*Mar 23 12:50:50.597: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.240.187.72(0) -> 77.223.156.197(0), 1 packet
*Mar 23 12:50:51.604: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.251.160.47(0) -> 77.223.156.180(0), 1 packet
*Mar 23 12:50:52.610: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 205.196.178.106(0) -> 77.223.156.153(0), 1 packet
*Mar 23 12:50:53.617: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.7.230.148(0) -> 77.223.156.211(0), 1 packet
*Mar 23 12:50:54.623: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.107.209.230(0) -> 77.223.156.158(0), 1 packet
*Mar 23 12:50:55.630: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.161.3.187(0) -> 77.223.156.2(0), 1 packet
*Mar 23 12:50:56.637: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 81.214.161.46(0) -> 77.223.156.212(0), 1 packet
*Mar 23 12:50:57.652: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.7.230.148(0) -> 77.223.156.211(0), 1 packet
*Mar 23 12:50:58.658: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.226.83.147(0) -> 77.223.156.197(0), 1 packet
*Mar 23 12:50:59.665: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.161.3.187(0) -> 77.223.156.2(0), 1 packet
*Mar 23 12:51:00.672: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 46.104.101.230(0) -> 77.223.156.210(0), 1 packet
*Mar 23 12:51:01.678: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.224.17.11(0) -> 77.223.156.197(0), 1 packet
*Mar 23 12:51:02.685: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.246.191.19(0) -> 77.223.156.196(0), 1 packet
*Mar 23 12:51:03.692: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.161.3.187(0) -> 77.223.156.2(0), 1 packet
*Mar 23 12:51:04.707: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.238.30.210(0) -> 77.223.156.194(0), 1 packet
*Mar 23 12:51:05.722: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.9.108.53(0) -> 77.223.156.213(0), 1 packet
*Mar 23 12:51:06.728: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 178.243.157.198(0) -> 77.223.156.158(0), 1 packet
*Mar 23 12:51:07.735: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.179.157.206(0) -> 77.223.156.158(0), 1 packet
*Mar 23 12:51:08.741: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 94.123.87.71(0) -> 77.223.156.211(0), 1 packet
*Mar 23 12:51:09.748: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.240.138.142(0) -> 77.223.156.230(0), 1 packet
*Mar 23 12:51:10.755: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.238.159.148(0) -> 77.223.156.212(0), 1 packet
*Mar 23 12:51:11.761: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.187.77.27(0) -> 77.223.156.211(0), 1 packet
*Mar 23 12:51:12.768: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.244.46.249(0) -> 77.223.156.197(0), 1 packet
*Mar 23 12:51:13.775: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 122.128.73.1(0) -> 77.223.156.153(0), 1 packet
*Mar 23 12:51:14.781: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 92.44.150.197(0) -> 77.223.156.211(0), 1 packet
*Mar 23 12:51:15.788: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.161.177.215(0) -> 77.223.156.4(0), 1 packet
*Mar 23 12:51:16.795: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.240.187.72(0) -> 77.223.156.197(0), 1 packet

Open in new window

0
3XLcom
Asked:
3XLcom
2 Solutions
 
jgibbarCommented:
Have you checked that you are logging the correct facility level to the Kiwi Server? Can you post the output of show logging to see what severity levels are being sent to the Kiwi Server?

This website has a good table that will show you what level logs which type of event:

http://www.cisco.com/en/US/docs/ios/12_0/configfun/configuration/guide/fctroubl.html#wp5015
0
 
3XLcomAuthor Commented:
This is a sample log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: disabled
    Monitor logging: disabled
    Buffer logging:  level debugging, 3122 messages logged, xml disabled,
                     filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 11366 message lines logged
        Logging to 77.223.156.25  (udp port 514,  audit disabled,
              authentication disabled, encryption disabled, link up),
              4791 message lines logged, 
              0 message lines rate-limited, 
              0 message lines dropped-by-MD, 
              xml disabled, sequence number disabled
              filtering disabled

Log Buffer (16386 bytes):
permitted tcp 178.216.70.15(0) -> 77.223.156.153(0), 1 packet
*Mar 23 14:00:09.375 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.169.239.208(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:00:10.382 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.238.91.57(0) -> 77.223.156.218(0), 1 packet
*Mar 23 14:00:11.388 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.245.212.158(0) -> 77.223.156.196(0), 1 packet
*Mar 23 14:00:12.395 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 210.172.140.254(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:00:13.418 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.108.4.154(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:00:14.442 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 66.249.72.139(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:00:15.448 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.160.204.1(0) -> 77.223.156.212(0), 1 packet
*Mar 23 14:00:16.455 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 81.214.241.123(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:00:17.462 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.246.191.19(0) -> 77.223.156.196(0), 1 packet
*Mar 23 14:00:18.468 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 82.166.112.94(0) -> 77.223.156.152(0), 1 packet
*Mar 23 14:00:19.475 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.191.194.64(0) -> 77.223.156.212(0), 1 packet
*Mar 23 14:00:20.507 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 94.208.150.235(0) -> 77.223.156.152(0), 1 packet
*Mar 23 14:00:21.203 UTC: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3733 packets
*Mar 23 14:00:21.572 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.177.92.233(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:00:22.595 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 77.223.94.88(0) -> 77.223.156.109(0), 1 packet
*Mar 23 14:00:23.610 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.161.66.113(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:00:24.651 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 91.153.114.19(0) -> 77.223.156.162(0), 1 packet
*Mar 23 14:00:25.666 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.237.80.224(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:00:26.689 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.232.198.238(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:00:27.696 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.244.46.249(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:00:28.736 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.161.202.60(0) -> 77.223.156.222(0), 1 packet
*Mar 23 14:00:29.776 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 217.131.54.240(0) -> 77.223.156.190(0), 1 packet
*Mar 23 14:00:30.783 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 81.214.241.123(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:00:31.789 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.249.53.93(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:00:32.796 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.102.74.196(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:00:33.803 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 94.208.150.235(0) -> 77.223.156.152(0), 1 packet
*Mar 23 14:00:34.809 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 62.212.84.149(0) -> 77.223.156.219(0), 1 packet
*Mar 23 14:00:35.816 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 77.251.124.150(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:00:36.823 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.9.155.27(0) -> 77.223.156.200(0), 1 packet
*Mar 23 14:00:37.829 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 97.67.51.46(0) -> 77.223.156.153(0), 1 packet
*Mar 23 14:00:38.836 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.168.14.90(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:00:39.842 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.250.59.51(0) -> 77.223.156.198(0), 1 packet
*Mar 23 14:00:40.849 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.161.3.187(0) -> 77.223.156.2(0), 1 packet
*Mar 23 14:00:41.856 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.165.195.123(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:00:42.871 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.164.20.249(0) -> 77.223.156.191(0), 1 packet
*Mar 23 14:00:43.886 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.237.79.179(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:00:44.892 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 94.120.47.220(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:00:45.907 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.134.79.139(0) -> 77.223.156.153(0), 1 packet
*Mar 23 14:00:46.948 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 118.174.90.10(0) -> 77.223.156.152(0), 1 packet
*Mar 23 14:00:47.963 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.237.201.226(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:00:48.969 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 81.214.225.229(0) -> 77.223.156.187(0), 1 packet
*Mar 23 14:00:49.976 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.97.254.197(0) -> 77.223.156.222(0), 1 packet
*Mar 23 14:00:50.983 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.244.150.245(0) -> 77.223.156.198(0), 1 packet
*Mar 23 14:00:52.023 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.233.233.35(0) -> 77.223.156.222(0), 1 packet
*Mar 23 14:00:53.080 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.107.96.54(0) -> 77.223.156.218(0), 1 packet
*Mar 23 14:00:54.111 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.224.17.11(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:00:55.143 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.178.218.238(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:00:56.183 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 81.214.241.123(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:00:57.207 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.227.228.12(0) -> 77.223.156.191(0), 1 packet
*Mar 23 14:00:58.247 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.170.83.7(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:00:59.287 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.174.42.156(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:01:00.311 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.174.213.128(0) -> 77.223.156.187(0), 1 packet
*Mar 23 14:01:01.317 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.253.37.67(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:02.332 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.167.43.110(0) -> 77.223.156.190(0), 1 packet
*Mar 23 14:01:03.364 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.162.118.234(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:04.388 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.7.140.186(0) -> 77.223.156.187(0), 1 packet
*Mar 23 14:01:05.428 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 212.253.66.82(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:01:06.451 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 173.252.233.93(0) -> 77.223.156.153(0), 1 packet
*Mar 23 14:01:07.458 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 86.96.195.128(0) -> 77.223.156.154(0), 1 packet
*Mar 23 14:01:08.464 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 205.196.178.106(0) -> 77.223.156.153(0), 1 packet
*Mar 23 14:01:09.488 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.191.122.142(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:01:10.494 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 86.96.195.128(0) -> 77.223.156.159(0), 1 packet
*Mar 23 14:01:11.501 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.243.234.230(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:12.524 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 62.61.162.199(0) -> 77.223.156.152(0), 1 packet
*Mar 23 14:01:13.531 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.250.28.93(0) -> 77.223.156.199(0), 1 packet
*Mar 23 14:01:14.538 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 94.54.165.27(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:01:15.544 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.240.185.254(0) -> 77.223.156.172(0), 1 packet
*Mar 23 14:01:16.568 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.187.200.113(0) -> 77.223.156.230(0), 1 packet
*Mar 23 14:01:17.591 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 108.62.70.138(0) -> 77.223.156.153(0), 1 packet
*Mar 23 14:01:18.615 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.189.19.100(0) -> 77.223.156.154(0), 1 packet
*Mar 23 14:01:19.638 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.252.139.129(0) -> 77.223.156.230(0), 1 packet
*Mar 23 14:01:20.653 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.242.173.48(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:21.232 UTC: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3670 packets
*Mar 23 14:01:21.668 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.107.107.22(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:01:22.675 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 178.245.147.230(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:23.681 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.162.84.85(0) -> 77.223.156.158(0), 1 packet
*Mar 23 14:01:24.688 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.173.176.55(0) -> 77.223.156.230(0), 1 packet
*Mar 23 14:01:25.695 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.180.129.22(0) -> 77.223.156.218(0), 1 packet
*Mar 23 14:01:26.701 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.188.105.109(0) -> 77.223.156.158(0), 1 packet
*Mar 23 14:01:27.708 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.245.243.215(0) -> 77.223.156.198(0), 1 packet
*Mar 23 14:01:28.731 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.171.0.237(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:01:29.763 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 217.131.54.240(0) -> 77.223.156.190(0), 1 packet
*Mar 23 14:01:30.795 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.242.134.32(0) -> 77.223.156.214(0), 1 packet
*Mar 23 14:01:31.818 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 212.253.101.164(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:32.825 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 94.54.86.173(0) -> 77.223.156.158(0), 1 packet
*Mar 23 14:01:33.832 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 178.211.35.173(0) -> 77.223.156.164(0), 1 packet
*Mar 23 14:01:34.855 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.250.28.93(0) -> 77.223.156.199(0), 1 packet
*Mar 23 14:01:35.862 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.243.161.195(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:01:36.885 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.13.62.208(0) -> 77.223.156.154(0), 1 packet
*Mar 23 14:01:37.892 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.170.83.7(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:01:38.915 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.10.96.35(0) -> 77.223.156.162(0), 1 packet
*Mar 23 14:01:39.922 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.108.240.7(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:40.928 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.187.76.173(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:41.935 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.191.232.102(0) -> 77.223.156.158(0), 1 packet
*Mar 23 14:01:42.942 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.250.59.51(0) -> 77.223.156.198(0), 1 packet
*Mar 23 14:01:43.948 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.243.207.19(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:01:44.955 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.237.50.122(0) -> 77.223.156.230(0), 1 packet
*Mar 23 14:01:45.978 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 211.160.48.86(0) -> 77.223.156.153(0), 1 packet
*Mar 23 14:01:46.993 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 94.208.150.235(0) -> 77.223.156.152(0), 1 packet
*Mar 23 14:01:48.101 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.110.148.161(0) -> 77.223.156.162(0), 1 packet
*Mar 23 14:01:49.149 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.10.227.171(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:01:50.173 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.161.3.187(0) -> 77.223.156.2(0), 1 packet
*Mar 23 14:01:51.179 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.162.55.81(0) -> 77.223.156.207(0), 1 packet
*Mar 23 14:01:52.203 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.187.200.113(0) -> 77.223.156.230(0), 1 packet
*Mar 23 14:01:53.293 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 217.131.240.230(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:01:54.300 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 66.249.72.101(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:01:55.306 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.170.83.7(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:01:56.313 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 95.134.79.139(0) -> 77.223.156.153(0), 1 packet
*Mar 23 14:01:57.328 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.106.94.228(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:01:58.343 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.243.87.139(0) -> 77.223.156.218(0), 1 packet
*Mar 23 14:01:59.358 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.177.230.18(0) -> 77.223.156.194(0), 1 packet
*Mar 23 14:02:00.373 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.181.104.178(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:02:01.380 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.189.19.100(0) -> 77.223.156.154(0), 1 packet
*Mar 23 14:02:02.386 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.251.66.63(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:02:03.410 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 94.19.178.229(0) -> 77.223.156.162(0), 1 packet
*Mar 23 14:02:04.425 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 91.153.114.19(0) -> 77.223.156.162(0), 1 packet
*Mar 23 14:02:05.440 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.249.53.93(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:02:06.446 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.162.84.85(0) -> 77.223.156.158(0), 1 packet
*Mar 23 14:02:07.453 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.240.221.171(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:02:08.460 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.96.168.138(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:02:09.466 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.231.70.36(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:02:10.473 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.177.151.152(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:02:11.480 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 210.172.140.254(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:02:12.503 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 92.44.31.109(0) -> 77.223.156.211(0), 1 packet
*Mar 23 14:02:13.518 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 188.235.137.162(0) -> 77.223.156.162(0), 1 packet
*Mar 23 14:02:14.533 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 46.106.140.91(0) -> 77.223.156.158(0), 1 packet
*Mar 23 14:02:15.540 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.242.52.164(0) -> 77.223.156.164(0), 1 packet
*Mar 23 14:02:16.546 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 86.96.195.128(0) -> 77.223.156.159(0), 1 packet
*Mar 23 14:02:17.553 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.167.78.251(0) -> 77.223.156.214(0), 1 packet
*Mar 23 14:02:18.568 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 213.153.181.165(0) -> 77.223.156.197(0), 1 packet
*Mar 23 14:02:19.617 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.96.245.254(0) -> 77.223.156.4(0), 1 packet
*Mar 23 14:02:20.640 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.245.212.158(0) -> 77.223.156.196(0), 1 packet
*Mar 23 14:02:21.261 UTC: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 3848 packets
*Mar 23 14:02:21.663 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted udp 41.221.184.76(0) -> 77.223.156.152(0), 1 packet
*Mar 23 14:02:22.670 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.251.42.46(0) -> 77.223.156.198(0), 1 packet
*Mar 23 14:02:23.710 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.243.190.234(0) -> 77.223.156.162(0), 1 packet
*Mar 23 14:02:24.717 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 78.162.55.81(0) -> 77.223.156.207(0), 1 packet
*Mar 23 14:02:25.723 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 88.242.134.32(0) -> 77.223.156.214(0), 1 packet
*Mar 23 14:02:26.780 UTC: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 85.102.6.62(0) -> 77.223.156.197(0), 1 packet

Open in new window

0
 
Istvan KalmarCommented:
Hi,

I advise to disable logging all packets, because it cause CPU throtting, I thing it caused 500 hit for kiwi....

Plase se:

sh proccess cpu history
0
 
mikebernhardtCommented:
Regarding port 0: If your access list isn't filtering on ports, I don't know if the log is going to show you the ports because the router isn't looking that deep. I'm not sure though. You could try adding Layer 4 to the access list entry and see if that changes the logging output:
10 permit tcp any any log
20 permit ip any any log
0
 
3XLcomAuthor Commented:
Thanks for both advice
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now