ACL Hit Counts

Hi,
I just needed to clarify something. I have a data center and a branch office connected to each other through an IPSec VPN. I also have SSL VPN configured on the firewall in my data center, the same firewall on which the IPSec VPN from my branch office terminates.
I retrieved some ACL logs from the ASA in the data center and all the hit counts shown are zero even when the connection is established and my branch office users are able to access all resources.
e.g. access-list CRYPTO_XXXXX line 8 extended permit ip x.x.x.x 255.255.0.0 y.y.y.y 255.255.255.0 (hitcnt=0) 0x8142efc9
All the ACLs are like this, where y.y.y.y is the branch office subnet.
I also have another ACL which popped up on my SSL VPN ACL as shown below:
e.g. access-list DAP-ip-user-906E4E06 line 1 extended permit ip x.x.x.x 255.255.255.0 host y.y.y.y (hitcnt=22162) 0x440bdd04
access-list SSLVPN-CORP-ACL line 1 extended permit ip x.x.x.x 255.255.255.0 host y.y.y.y(hitcnt=0) 0xc9d27468
Can anyone tell me why my hit count is zero for both the CRYPTO ACL and the SSLVPN-CORP-ACL even when the connection is established?
Second, what is DAP-ip-user-906E4E06? Why is it showing up like this?
Thanks a lot in advance.

Hi Jennifer,
Many thanks for the response.
I totally agree regarding the traffic initiation and hit count. I have 5 branch offices in total, and when I try the same traffic initiation test on the other branch offices, I can see the increase on their respective firewalls.
Any idea what might be wrong with the first branch and why the hit count does not increase?
The DAP policies were created 2-3 years back and I haven't seen any such logs so far; I think this is the first time.
I have used an RSA appliance for authenticating the users and remember enabling RADIUS on it. Could it be because of that?
Regards

Similar Messages

  • ACL Hit Count Expiration

    Is there a way to configure an ACL to automatically expire and delete itself after a set amount of time of not being hit. For example:
    Say I configure a specific rule permiting a specific user using a static IP address to traverse Network A and hit an application on Server X located on Network B. Six months later I forget about said user and he or she moves to another department and no longer needs access with that IP address to that server. Is there a way to configure that rule to automatically drop off if the hit count remains at 0 for longer than X amount of days?
    Thanks!

    There is no such dynamic option for deleting an ACL that has not been hit by packets for a specific source/destination for a specified period of time.
    The only option you have is to use a time-based ACL and set the time that you want for that source/destination traffic. Time-based ACL is as flexible as water. You can set it to use recurring time or absolute time, which is your case.
    Firewall(config)# time-range Temp_Worker
    Firewall(config-time-range)# absolute [start hh:mm day month year] [end hh:mm day month year]
    Hope this helps.
    AM
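
Since the firewall will not expire unused entries by itself, one offline way to find them is to diff two saved `show access-list` outputs taken some months apart. The script below is an added example, not part of the original thread: it parses the ASA line format quoted on this page and goes a step further by flagging counter resets. The snapshot text, ACL name and addresses are constructed, and matching entries on the trailing hex value (rather than the line number, which shifts when entries are inserted) is an assumption.

```python
import re

# One ACE line of ASA `show access-list` output in the form quoted on this page:
#   access-list NAME line N <rule text> (hitcnt=K) 0x<id>
ACE_RE = re.compile(
    r"^\s*access-list\s+(?P<name>\S+)\s+line\s+(?P<line>\d+)\s+"
    r"(?P<rule>.*?)\s*\(hitcnt=(?P<hitcnt>\d+)\)\s+(?P<id>0x[0-9a-fA-F]+)\s*$"
)

def parse_snapshot(text):
    """Return {(acl_name, ace_id): entry} for every ACE line in the output."""
    entries = {}
    for raw in text.splitlines():
        m = ACE_RE.match(raw)
        if m:  # header / "cached ACL log flows" lines have no hitcnt and are skipped
            entries[(m["name"], m["id"])] = {
                "line": int(m["line"]), "rule": m["rule"], "hitcnt": int(m["hitcnt"])}
    return entries

def review_candidates(old_text, new_text):
    """Classify ACEs present in both snapshots by how hitcnt moved between them."""
    old, new = parse_snapshot(old_text), parse_snapshot(new_text)
    report = []
    for key in sorted(old.keys() & new.keys(), key=lambda k: (k[0], new[k]["line"])):
        before, after = old[key]["hitcnt"], new[key]["hitcnt"]
        if after == before:
            status = "stale"          # counter did not move during the interval
        elif after < before:
            status = "counter-reset"  # counters cleared or device reloaded; cannot judge
        else:
            continue                  # counter increased, rule is in use
        report.append((key[0], new[key]["line"], new[key]["rule"], status))
    return report

# Constructed sample snapshots (documentation address ranges), not real device output.
# Values are chosen to exercise each branch above.
SNAPSHOT_JAN = """\
access-list OUTSIDE_IN; 3 elements; name hash: 0x00000001
access-list OUTSIDE_IN line 1 extended permit tcp host 192.0.2.10 host 198.51.100.5 eq 443 (hitcnt=120) 0x0000a001
access-list OUTSIDE_IN line 2 extended permit tcp host 192.0.2.77 host 198.51.100.9 eq 22 (hitcnt=14) 0x0000a002
access-list OUTSIDE_IN line 3 extended permit ip 203.0.113.0 255.255.255.0 host 198.51.100.5(hitcnt=900) 0x0000a003
"""
SNAPSHOT_JUL = """\
access-list OUTSIDE_IN; 4 elements; name hash: 0x00000001
access-list OUTSIDE_IN line 1 extended permit udp any host 198.51.100.5 eq 53 (hitcnt=7) 0x0000a004
access-list OUTSIDE_IN line 2 extended permit tcp host 192.0.2.10 host 198.51.100.5 eq 443 (hitcnt=480) 0x0000a001
access-list OUTSIDE_IN line 3 extended permit tcp host 192.0.2.77 host 198.51.100.9 eq 22 (hitcnt=14) 0x0000a002
access-list OUTSIDE_IN line 4 extended permit ip 203.0.113.0 255.255.255.0 host 198.51.100.5 (hitcnt=3) 0x0000a003
"""

if __name__ == "__main__":
    for name, line, rule, status in review_candidates(SNAPSHOT_JAN, SNAPSHOT_JUL):
        print(f"{status:14} {name} line {line}: {rule}")
```

Entries reported as stale are candidates for review, not automatic removal: a rule can be legitimately idle for the whole interval.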

  • Problem with ACLs hit counts

    Hello
    I've applied the following ACL to an interface but don't see the hit counts (e.g. something like
    30 deny tcp any any (58 hw matches)):
    RP/0/RSP0/CPU0:test#show access-lists ipv4 2020
    Fri Aug 26 09:34:48.094 HKT
    ipv4 access-list 2020
    10 deny ipv4 any host 202.146.219.55
    20 deny ipv4 any host 218.213.235.211
    30 deny ipv4 any host 116.193.159.79
    50 deny ipv4 any host 111.68.2.101
    60 deny ipv4 any host 112.121.170.43
    77 deny ipv4 host 117.211.87.202 any
    78 deny ipv4 host 202.29.220.238 any
    79 deny udp any host 218.213.92.3
    80 deny udp any host 218.213.91.45
    81 deny ipv4 host 59.42.249.51 host 218.213.91.45
    Also got the following:
    RP/0/RSP0/CPU0:test#show access-lists ipv4 2020 hardware ingress interface gigabitEthernet 0/0/0/31 sequence 81 location 0/0/CPU0
    Fri Aug 26 09:34:52.209 HKT
    The interface does not have per-interface statistics enabled
    RP/0/RSP0/CPU0:test(config-if)#ipv4 access-group 2020 ingress  interface-statistics
    RP/0/RSP0/CPU0:test(config-if)#commit
    Mon Aug  29 09:44:42.725 HKT
    % Failed to commit one or more configuration items  during a pseudo-atomic operation. All changes made have been reverted. Please  issue 'show configuration failed' from this session to view the errors
    Is there any configuration still missing?? 
    Pls help.  Thanks!

    Thanks!
    Have tried but still got the following:
    RP/0/RSP0/CPU0:test(config-if)#show config failed
    Wed Aug 31 09:41:58.730 HKT
    !! SEMANTIC ERRORS: This configuration was rejected by
    !! the system due to semantic errors. The individual
    !! errors with each failed configuration command can be
    !! found below.
    interface GigabitEthernet0/0/0/23
    ipv4 access-group 2020 ingress hardware-count interface-statistics
    !!% 'pfilter-ea' detected the 'warning' condition 'Mode mismatch.ACL has been applied in different modes on this LC - interface stats and ace stats. '
    end
    Could you let me know the reason?  Thanks again.

  • Access list hit counts

    Hello Mates,
    I am getting a very rare type of problem while implementing an ACL on a 3850 switch.
    I do get hit matches when I put the log keyword in ACL 102:
    SW#sh ip access-lists
    Extended IP access list 102
        5 permit tcp 192.168.0.0.0 0.0.255.255 196.189.80.0 0.0.0.15 eq 23 log (28 matches)
    But when I remove the log keyword then I don't get any matches.
    SW#sh ip access-lists
    Extended IP access list 102
        5 permit tcp 192.168.0.0.0 0.0.255.255 196.189.80.0 0.0.0.15 eq 23 (no matches )
    Please assist.

    To understand your issue I think it is helpful to start from the understanding that the hit count is maintained as the access list is processed in software (as is generally the case in layer 3 routers). We get a somewhat different situation in layer 3 switches. If the access list is processed in software (as is necessary when the entry includes the log parameter) then the hit count increments. But when the decision is made in hardware then the right behavior of traffic is achieved but the hit count is not incremented.
    HTH
    Rick

  • Hit count in ASA

    Hi everyone,
    I need to confirm how the hit count is incremented on the ASA.
    I am pinging an IP from a PC connected to the ASA.
    The PC has sent 4 packets.
    Here is the ASA info:
    ciscoasa#                                                         sh access-li$
    access-list cached ACL log flows: total 1, denied 0 (deny-flow-max 4096)
                alert-interval 300
    access-list ICMP; 1 elements; name hash: 0x2d2cf426
    access-list ICMP line 1 extended permit icmp any any echo-reply log informational interval 300 (hitcnt=3) 0x0b307247
    ciscoasa#  ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=33 len=32
    ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335
    ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=33 len=32
    ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1
    ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=34 len=32
    ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335
    ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=34 len=32
    ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1
    ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=35 len=32
    ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335
    ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=35 len=32
    ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1
    ICMP echo request from inside:192.168.1.6 to outside:4.2.2.2 ID=1 seq=36 len=32
    ICMP echo request translating inside:192.168.1.6/1 to outside:192.168.11.2/21335
    ICMP echo reply from outside:4.2.2.2 to inside:192.168.11.2 ID=21335 seq=36 len=32
    ICMP echo reply untranslating outside:192.168.11.2/21335 to inside:192.168.1.6/1
    ciscoasa#                                                         sh access-li$
    access-list cached ACL log flows: total 1, denied 0 (deny-flow-max 4096)
                alert-interval 300
    access-list ICMP; 1 elements; name hash: 0x2d2cf426
    access-list ICMP line 1 extended permit icmp any any echo-reply log informational interval 300 (hitcnt=4) 0x0b307247
    We can see that after the ping the hit count has gone from 3 to 4.
    So does this mean that for every 4 packets sent by the PC the hit count increments by 1?
    Thanks
    Mahesh

    Yes, that is correct.
    Access-list on ASA only matches on the first connection, and the subsequent packets within the same connection will be allowed by default as they are part of the same connection. ASA is a stateful firewall so it has a state table to store the existing connections.
    Hope that helps.

  • How do I show ACL hits for ACL's used in policy maps?

    Is there a way to display the hit count against ACL entries when the ACL is used for policy maps, QoS classification etc?
    The manual shows how to do this for an ACL when it's attached to an interface. Also there are options for a location; it doesn't match for any of the presented locations, but does give the option for a `word' to be entered.

    Hi Michel,
    I have spent some time trying to figure out the syntax for this command. I see how to do it if the ACL is applied to an interface, but not if it's used for a policy map or QoS policy. It's not clear from the command guide.
    What do I use for location, assuming this is the way to do it for this type of ACL? I have read through the configuration guide; it's not clear if I can look at these counters or not.
    Andy

  • How do I add a hit counter to my website?

    How do I go about adding a hit counter to my web site?
    I am running Adobe Dreamweaver CS6.

    Hmm... hit counters are meaningless. They don't provide accurate figures of who has visited your website.
    You'd be better off putting Google Analytics on the site - that will give you more accurate feedback.
    If you want to just have some fun Google Web Counter - there are plenty of free resources where you can download the code needed and insert it into your websites page.
    Just grab the code and paste it where you want the counter to show up on your page (not recommended)
    http://www.simplehitcounter.com/

  • How do I add a hit counter to my Gallery?

    So much I can't find instructions for on this board, in FAQ or in iWeb or iPhoto help.
    Anyone know how to add a hit counter to the gallery used when iPhoto publishes pictures?

    I still have not been able to add a hit counter to my gallery. I have no problem adding them to iWeb pages so it is frustrating that it's not as easy.

  • I need Java code for a simple graphical hit counter for a webpage

    I was wondering if anybody out there could send me some code for a simple graphical hit counter for a webpage. All the sites that I've visited are garbage and of no use to me. Please help me.
    Colin

    Not as easy as you'd imagine with applets. You need some way to store the hits, usually through a file on the server. That's not gonna happen in a hurry for 2 reasons -
    - Applets can't read/write files
    - Your web server usually won't let you run programs on their machine (ie, programs that listen for socket connections from applets, then load/read/write/close a file).
    In short, no, there is no simple java solution (that I know of).
    Cheers,
    Radish21

  • IWeb Hit Counter Widget

    My counting widget has disappeared from the widget list in iWeb. I deleted it from my page. How do I get it back?

    Try using the Insert->Button->Hit Counter menu option. If that fails then you might have to reinstall iWeb from the disk it came on. To do so you'll have to delete the current application and all files with "iWeb" in the file name that reside in the HD/Library/Receipts folder. Reinstall iWeb and apply the latest updaters.
    OT

  • Hit Count for a KM Folder

    Hi,
    Is there any way we can track the hit count for a particular folder in KM?
    Is there any particular default event where we can listen for this?
    Helps will be appreciated...
    Regards
    BP

    Hi BP
    This is the most recent information on KM statistics by Thilo Brandt:
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/7d28a67b-0c01-0010-8d9a-d7e6811377c0
    I don't know if it is possible, but I'd guess it's possible to alter that code in order to get some statistics on folder-level as well as item-level.
    Kind regards,
    Martin Søgaard

  • Hit Counter For Web Site Now Working?

    I have a web site that was published with iWeb 06. I am using a domain name at GoDaddy and forwarding to .Mac using masking so the site shows with the domain name not the .Mac address. If you went to the site by entering the domain name the hit counter on the first page would not show. However, if you entered the .Mac address to go to the site the counter would show.
    Well the site was republished and upgraded with iWeb 08. Recently I noticed that the hit counter now shows regardless of how you go to the site. I was pleasantly surprised but when did this happen? Of course as others have noticed, on my .Mac home page on the side bar where the website pages are listed the counter numbers no longer show. So they took something away and gave something back?
    John

    I don't think Apple meant to take away the .Mac counter section of the .Mac page. I think it's a bug that they have yet to resolve. It would be interesting to see if anyone has asked Apple about this and if they gave a definitive answer?

  • How do i get a hit counter on my site

    Hi everyone
    I'm looking for a web hit counter for my site, but it seems like it's a bit more complicated than I want it to be, or am I getting it wrong?
    I have looked on the Dreamweaver Exchange. I downloaded one called 'visit counter v.1.0' by felixone, and it says it's on the server behaviours panel under the 'felixone' menu, but I can't find the server behaviours panel.
    Can anyone help? Or does anyone have a good link to an easy to use one?
    Thanks

    You realise that 'hit counters' are pretty old hat and look a bit amateurish on a site these days :-)
    Check with your host, they may have a stats program that you can view to check out what hits and other information you can gather by the visitors to your site.
    If you really want a hit counter, you may be able to find something at www.hotscripts.com
    Nadia
    Adobe® Community Expert : Dreamweaver
    CSS Templates |Tutorials |SEO Articles
    http://www.DreamweaverResources.com
    ~ Customisation Service Available ~
    http://www.csstemplates.com.au
    ~ Forum Posting Guidelines ~
    http://www.adobe.com/support/forums/guidelines.html
    CSS Tutorials for Dreamweaver:
    http://www.adobe.com/devnet/dreamweaver/css.html

  • Hit Counter disappeared. How can I get it back?

    I've read numerous posts re Hit Counter, but none helpful to this:
    I publish only to MobileMe and have had no problem in the past. Problem is: today I removed lots of stuff I had added to my home page during the election campaigns. To remove them, I held down the Command key and dragged through lots of the stuff to select it, then hit Delete. I did not drag through the Hit Counter, nor the Apple logo, yet both of those disappeared too. Looking at the iWeb dropdown menu for adding these items, I saw that there was still a checkmark by the Hit Counter, but not by the Apple logo. So I clicked to check the logo, and it came back on the page no problem.
    But the Hit Counter, already still checked, was nowhere to be found. I increased my footer enormously, and searched in that space... not there. Nowhere.
    Next I unchecked and then rechecked the Hit Counter item in the menu. That didn't do it.
    I hate to uncheck it and then publish, and then check it again and republish. That might work, but I'd lose my count perhaps.
    How can I get back, or simply FIND, the Hit Counter on my page? The check mark says it's there, but I can't find it anywhere, have looked under lots of things on the page... nowhere!
    Thanks, anybody who's got a clue.

    Here's the solution:
    It occurred to me to vastly increase (temporarily) the vertical size of my page. (Remember, doing this with the footer hadn't helped.) When I increased the page size to a whopping 4000, there was the counter AND the original Apple Logo. I moved them into place, then put the vertical page size back to something reasonable. The count was retained.
    Thank you, self! (Sorry this didn't occur to me before posting, but since I have seen nothing of this advice in the discussion already, perhaps this will be helpful to someone else with the same problem.)
    I'll send Apple some feedback and hope they consider adding a line or two to the iWeb Help in its discussion of the Hit Counter, given that so many of us have encountered problems.

  • Portal Users hits count on the homepage

    Hi all,
    I want to put hits count (total number of visitors) on my portal homepage, just like any other website. Don't have any idea how to do it. Can anyone guide me on this. Waiting for some quick response.
    Thanks in advance,
    Ganpati Jha

    Hey Ganpati.
    Open your portal and log in to it.
    Step 1: In the top level navigation bar go to System administrator --> support --> portal runtime --> browse deployment (in Test and Configuration Tools admin tools) --> download com.sap.portal.masthead.bak
    Step 2: Now rename that com.sap.portal.masthead.bak to com.sap.portal.masthead.par
    Step 3: Now import that par file in NetWeaver Developer Studio and make the necessary changes, like putting in a variable that gets incremented each time the masthead is loaded. This way you can keep track of the number of hits.
    step4:  include .jar files of the downloaded par file to the
    for any clarification please ping again.
    reward if found useful.
    thx and regards.
    Anoop Gupta
