Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1037
Views
0
Helpful
1
Replies

TrustSec SGACL Logging

Rob4
Cisco Employee
Cisco Employee

‎07-24-2018 06:45 AM

I am looking at SGACL logging for a customer for monitoring TrustSec. Can someone explain what the value in the parentheses means? I thought it was the SGT values, but its definitely not the values or port numbers.  

 

*Jun 2 08:58:06.489: %C4K_IOSINTF-6-SGACLHIT: list deny_udp_src_port_log-30 Denied udp 24.0.0.23(100) -> 28.0.0.91(100), SGT8 DGT 12

 

 

Thanks for the assistance! 

Labels:
0 Helpful
1 Reply 1

jeaves@cisco.com
Cisco Employee
Cisco Employee

‎07-24-2018 07:20 AM

The log option applies to individual ACEs and causes packets that match the ACE to be logged. The first packet logged by the log keyword generates a syslog message. Subsequent log messages are generated and reported at five-minute intervals. If the logging-enabled ACE matches another packet (with characteristics identical to the packet that generated the log message), the number of matched packets is incremented (counters) and then reported.
0 Helpful
Customers Also Viewed These Support Documents