Cisco ACL monitoring

David Edelman dedelman at iname.com
Thu Jan 10 21:59:15 EST 2013


Carter,

It is very out of date and the awful thing is that I still remember  that ACL syntax. 


Dave Edelman


On Jan 10, 2013, at 19:43, Carter Bullard <carter at qosient.com> wrote:

> Hey Craig,
> rapolicy() hasn't changed in 10 years, so If there is a new syntax, it won't support it, but we can and should add that support, no problem.   If you have pointers for the syntax, I'll take a look.
> 
> The way it works, very basically, is that flows are compared to the ACL list, and if there is a match / violation, then it will print out the record.  The comparisons are a bit complicated to account for some of the extended rules, like completion.The rule that applies should (at least based on memory/intent) be added as a label, or it can be printed, if memory serves.  The -v option reverses the logic.
> 
> If that doesn't jive, definately send email !!!!
> 
> Carter
> 
> On Jan 10, 2013, at 6:22 PM, Craig Merchant <cmerchant at responsys.com> wrote:
> 
>> Does the feature in Argus that can monitor traffic against a Cisco ACL support IOS ACLs (standard or extended) or PIX/ASA ACLs?  The formats are slightly different.
>>  
>> If a flow violates an ACL, how does Argus alert on that?
>> 
>> Thx.
>> 
>> C
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130110/e0b9d0ec/attachment.html>


More information about the argus mailing list