Cisco ACL monitoring
Carter Bullard
carter at qosient.com
Thu Jan 10 19:43:12 EST 2013
Hey Craig,
rapolicy() hasn't changed in 10 years, so If there is a new syntax, it won't support it, but we can and should add that support, no problem. If you have pointers for the syntax, I'll take a look.
The way it works, very basically, is that flows are compared to the ACL list, and if there is a match / violation, then it will print out the record. The comparisons are a bit complicated to account for some of the extended rules, like completion.The rule that applies should (at least based on memory/intent) be added as a label, or it can be printed, if memory serves. The -v option reverses the logic.
If that doesn't jive, definately send email !!!!
Carter
On Jan 10, 2013, at 6:22 PM, Craig Merchant <cmerchant at responsys.com> wrote:
> Does the feature in Argus that can monitor traffic against a Cisco ACL support IOS ACLs (standard or extended) or PIX/ASA ACLs? The formats are slightly different.
>
> If a flow violates an ACL, how does Argus alert on that?
>
> Thx.
>
> C
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130110/8531b0c8/attachment.html>
More information about the argus
mailing list