topic TrustSec SGACL Logging in Network Access Control

TrustSec SGACL Logging

Rob4 — Tue, 24 Jul 2018 13:45:47 GMT

I am looking at SGACL logging for a customer for monitoring TrustSec. Can someone explain what the value in the parentheses means? I thought it was the SGT values, but its definitely not the values or port numbers.

*Jun 2 08:58:06.489: %C4K_IOSINTF-6-SGACLHIT: list deny_udp_src_port_log-30 Denied udp 24.0.0.23(100) -> 28.0.0.91(100), SGT8 DGT 12

Thanks for the assistance!

Re: TrustSec SGACL Logging

jeaves@cisco.com — Tue, 24 Jul 2018 14:20:48 GMT

The log option applies to individual ACEs and causes packets that match the ACE to be logged. The first packet logged by the log keyword generates a syslog message. Subsequent log messages are generated and reported at five-minute intervals. If the logging-enabled ACE matches another packet (with characteristics identical to the packet that generated the log message), the number of matched packets is incremented (counters) and then reported.