Cisco ACL monitoring
David Edelman
dedelman at iname.com
Thu Jan 10 21:59:15 EST 2013
Carter,
It is very out of date and the awful thing is that I still remember that ACL syntax.
Dave Edelman
On Jan 10, 2013, at 19:43, Carter Bullard <carter at qosient.com> wrote:
> Hey Craig,
> rapolicy() hasn't changed in 10 years, so If there is a new syntax, it won't support it, but we can and should add that support, no problem. If you have pointers for the syntax, I'll take a look.
>
> The way it works, very basically, is that flows are compared to the ACL list, and if there is a match / violation, then it will print out the record. The comparisons are a bit complicated to account for some of the extended rules, like completion.The rule that applies should (at least based on memory/intent) be added as a label, or it can be printed, if memory serves. The -v option reverses the logic.
>
> If that doesn't jive, definately send email !!!!
>
> Carter
>
> On Jan 10, 2013, at 6:22 PM, Craig Merchant <cmerchant at responsys.com> wrote:
>
>> Does the feature in Argus that can monitor traffic against a Cisco ACL support IOS ACLs (standard or extended) or PIX/ASA ACLs? The formats are slightly different.
>>
>> If a flow violates an ACL, how does Argus alert on that?
>>
>> Thx.
>>
>> C
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130110/e0b9d0ec/attachment.html>
More information about the argus
mailing list