
ACL/Syslog Deny

roadracers
Level 1

Looking for a way to send ACL permit or deny hits to syslog only. We currently have a few routers that we need to monitor traffic out to the internet. We need to see what is permitted and what is denied. Currently, it is set up with a log command on the ACL. We would like this to be sent only to our SIEM device via Syslog and not fill up the log on the router.

Anyone have a way to do this?

1 Reply

Francesco Molino
VIP Alumni

Hi

First, before answering your question, I just want to give you a piece of advice: by logging every ACE, you might experience high CPU issues.

Then, by default, logging is done using level 7 (debugging). ACL logs are informational (level 6). If you configure the logging buffer to level 5, you should be fine: the ACL logs will not go into the buffer, but you can still send level 7 or 6 to your syslog using the logging trap command.

Hope that's clear!


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
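
The setup described in the reply above, written out as IOS configuration. This is an added example, not part of the original thread: the ACL name, its entries, the interface and the SIEM address 192.0.2.50 are constructed placeholders, and the console and monitor lines are an addition that applies the same level-5 cut-off to the other local log destinations.

```cisco
! Constructed example. INTERNET-OUT, GigabitEthernet0/1 and 192.0.2.50
! are placeholders for your own ACL, WAN interface and SIEM collector.
ip access-list extended INTERNET-OUT
 permit tcp any any eq 443 log
 permit udp any any eq 53 log
 deny   ip any any log
!
interface GigabitEthernet0/1
 ip access-group INTERNET-OUT out
!
! Local buffer: keep severity 0-5 (notifications) only.
! ACL hits are severity 6, so they are not stored on the router.
logging buffered notifications
!
! Remote syslog: forward severity 0-6 (informational),
! which includes the ACL permit/deny messages.
logging trap informational
logging host 192.0.2.50
!
! Addition beyond the reply: hold console and terminal-monitor
! sessions to the same level so ACL hits are not printed there either.
logging console notifications
logging monitor notifications
```

`show logging` lists the level in effect for the console, monitor, buffer and trap destinations, which confirms that only the trap destination accepts level 6.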