
AOS-CX (TL.10.04.0041) DEBUG ACL_LOG logging only reveals UDP ACE details

  • 1.  AOS-CX (TL.10.04.0041) DEBUG ACL_LOG logging only reveals UDP ACE details

    Posted Jun 08, 2020 05:04 AM


     

    NO tcp or "any" ACE debug detailed logs....HIT counts show incremented counters, summaries displayed but not details.

     

    Symptoms:

     

    2020-06-08T03:33:35.453170-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10001|LOG_INFO|AMM|1/1|List WiFi-1011-IN, seq# 27 denied udp 10.96.1.142(137) -> 10.96.31.255(137) on vlan 1011, port 1/1/46, direction in

    2020-06-08T03:34:07.523881-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10001|LOG_INFO|AMM|1/1|List WiFi-1011-IN, seq# 27 denied udp 10.96.1.88(138) -> 10.96.31.255(138) on vlan 1011, port 1/1/1, direction in

    >>>>>

    HPE-AOSCX8320# show logg | incl denied | incl tcp

    NO tcp or icmp or any ACE debug detailed logs....HIT counts show incremented counters, summaries displayed but not details.

    2020-06-08T03:19:11.917163-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:22:12.902337-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:22:52.932623-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:24:18.297336-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:24:53.076505-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:26:23.118870-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:26:57.905908-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:29:03.008311-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:31:17.372158-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:32:00.398118-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:33:23.471984-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:34:05.491963-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:35:15.800238-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:36:13.326382-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:38:17.885097-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:39:00.424413-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:40:13.837777-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:40:55.761970-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:41:47.808174-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:43:09.865071-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:43:53.155390-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:45:07.938111-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:45:59.967179-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:47:04.223448-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count

    2020-06-08T03:52:36.221311-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 5 72 deny any any any log count

    2020-06-08T03:58:11.446147-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 5 72 deny any any any log count

     

    >>>>>

    Also, tried ACL logtimer at 30 and 300



  • 2.  RE: AOS-CX (TL.10.04.0041) DEBUG ACL_LOG logging only reveals UDP ACE details
    Best Answer

    Posted Jul 06, 2020 05:58 PM

    >>>ANSWER

     

    As it turns out, 10.04 (and maybe 10.03) has an ACL bug, based on my exploration.

     

    TCP ESTABLISHED ACEs are LOGGING to debug. This resets the ACL counters, and subsequent TCP DENIED logged ACEs hardly ever have the headers extracted and sent to the LOG because the TCP ESTABLISHED ACEs send 1000s of packets to the LOG. I removed my problematic ESTABLISHED ACEs and that then solved my LOGGING problems.
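
Added example, not part of either post or of any Aruba tooling: a Python check that correlates the two event types in the thread's log excerpt and flags logged ACEs whose summary lines (event 10002) report hits while no per-packet record (event 10001) exists for them. Reading the two numbers in a 10002 line as hit count followed by sequence number, and summing hits across summary lines, are assumptions drawn from the excerpt; the sample lines are copied from it.

```python
import re
from collections import defaultdict

# Sample input: three lines copied from the thread's excerpt.
SAMPLE_LOG = """\
2020-06-08T03:33:35.453170-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10001|LOG_INFO|AMM|1/1|List WiFi-1011-IN, seq# 27 denied udp 10.96.1.142(137) -> 10.96.31.255(137) on vlan 1011, port 1/1/46, direction in
2020-06-08T03:34:05.491963-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 1 72 deny any any any log count
2020-06-08T03:52:36.221311-05:00 HPE-AOSCX8320 ops-switchd[3242]: Event|10002|LOG_INFO|AMM|1/1|WiFi-1011-IN on vlan 1011 (in): 5 72 deny any any any log count
"""

# Event 10001: per-packet detail ("List <acl>, seq# <n> denied <proto> ...").
DETAIL = re.compile(r"Event\|10001\|.*\|List (?P<acl>\S+), seq# (?P<seq>\d+) ")
# Event 10002: periodic summary. Field order "<hits> <seq> <ace text>" is an
# assumption inferred from the excerpt, not taken from vendor documentation.
SUMMARY = re.compile(
    r"Event\|10002\|.*\|(?P<acl>\S+) on vlan \d+ \(\w+\): "
    r"(?P<hits>\d+) (?P<seq>\d+) (?P<ace>.+)$"
)

def find_logging_gaps(log_text):
    """Return logged ACEs that show summary hits but no per-packet records."""
    detail = defaultdict(int)   # (acl, seq) -> per-packet records seen
    summary = defaultdict(int)  # (acl, seq) -> hits summed over summaries
    ace_text = {}
    for line in log_text.splitlines():
        m = DETAIL.search(line)
        if m:
            detail[(m["acl"], int(m["seq"]))] += 1
            continue
        m = SUMMARY.search(line)
        if m:
            key = (m["acl"], int(m["seq"]))
            summary[key] += int(m["hits"])
            ace_text[key] = m["ace"]
    gaps = []
    for key, hits in sorted(summary.items()):
        # Only ACEs carrying the "log" keyword are expected to emit detail.
        if "log" in ace_text[key].split() and detail.get(key, 0) == 0:
            gaps.append({"acl": key[0], "seq": key[1], "ace": ace_text[key],
                         "summary_hits": hits, "detail_records": 0})
    return gaps

if __name__ == "__main__":
    for gap in find_logging_gaps(SAMPLE_LOG):
        print(gap)
```
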