O'Reilly logo

Cisco IOS Cookbook, 2nd Edition by Ian Brown, Kevin Dooley

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Analyzing ACL Log Entries

Problem

You want to analyze the log entries created by logging ACLs.

Solution

The Perl script in Example 19-1 parses a router syslog file and builds a detailed report of packets that were denied by logging ACLs. By default, the script will parse every ACL log message that it finds in the syslog file on a server. You can also look for messages associated with a particular ACL by specifying the ACL number or name as a command-line argument.

Example 19-1. logscan.pl

#!/usr/local/bin/perl # # logscan.pl -- a script to extract ACL logs from a syslog file. # # Set behavior $log="/var/log/cisco.log"; $ntop=10; # chomp ($acl=$ARGV[0]); if ($acl == "") { $acl=".*"}; open(LOG , "<$log") or die; while (<LOG>) { if (/IPACCESSLOGP: list $acl denied ([tcpud]+) ([0-9.]+)\(([0-9]+)\) -> ([0-9.]+)\(([0-9]+)\), ([0-9]+) /) { $x=$6; $srca{$2}+=$x; $foo=sprintf("%16s -> %16s %3s port %-6s",$2,$4,$1,$5); $moo=sprintf("%3s port %-6s",$1,$5); $quad{$foo}+=$x; $port{$moo}+=$x; } } $n=0; printf ("Connection Summary:\n"); foreach $i (sort { $quad{$b} <=> $quad{$a} } keys %quad) { if ($n++ >= $ntop) { last }; printf ("%6s:%s\n", $quad{$i},$i); } $n=0; printf ("\nDestination Port Summary:\n"); foreach $i ( sort { $port{$b} <=> $port{$a} } keys %port) { if ($n++ >= $ntop) { last }; printf ("%6s: %s\n", $port{$i},$i); } $n=0; printf ("\nSource Address Summary:\n"); foreach $i ( sort { $srca{$b} <=> $srca{$a} } keys %srca) { if ($n++ >= $ntop) { last }; printf ("%6s: %s\n", $srca{$i},$i); ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required