We are trying to get our contracts between EPGs to log the deny and permit traffic as seen within the Tenant > $tenant > Operational > Packets > L3 Permits/L3 Denys.
According to the obscure documentation it seems that one of the key things that needs to happen to send these logs to syslog is to reassign the default logging facility to "information" and enable the fabric monitoring policy. We see syslog on our syslog server, just not for the contract permits and denys. Changing the default to facility to "information" did not work and we have gone down a rabbit hole of enabling the monitoring policy in every possible place (Fabric/Fabric Access/Tenant/AP/EPG/BD) and still no luck. I don't see the messages popping up in /var/log/external/messages on the leafs either..
Solved! Go to Solution.
If you wish to start the contract logging, you need to enable the log directive under the filter chain:
Double click on the filter entry from contract subject.