Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1501
Views
0
Helpful
0
Replies

Nexus 9K ACL Logging - Can I configure the logs to show the ACL name being hit?

grimdbd69
Level 1
Level 1

‎05-20-2019 07:08 AM - edited ‎02-21-2020 11:05 AM

As far as I have seen the logging for ALCs in NX-OS has somewhat to be desired! I basic logging setup for the ACLs but the logs don't show the name of the ACL that is being logged. For example, I have about 15 ACLs on my Nexus9K with only the deny statements being logged. when I look at the logs for an ACL hit it looks like this:

 

2019 May 20 07:39:07 NEXUS9K %ACLLOG-5-ACLLOG_FLOW_INTERVAL: Src IP: X.X.X.X, Dst IP: X.X.X.X, Src Port: 51301, Dst Port: 2000, Src Intf: Ethernet1/41, Protocol: "TCP"(6), Hit-count = 5

 

Sure, it is nice to see that I am getting logs from the hits, and I know they are deny hits because that's all I'm logging but there is nothing indicated which of the many ACLs is logging the hit.

Is there anyway to have the log indicate the ACL involved? It would also be really nice to see the hit counts from other entries in and ACL... anyway to see that info?

 

Thanks

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents