send acl logs to syslog without having "log" in each acl statement

gavin han
Level 1

Hi All,

Is it possible to send ACL logs to a syslog server without having "log" in each ACL statement?

i.e. "permit ip any any" -> I need to send hits (source/destination IP/port) for this statement to the syslog server without adding "log" at the end of this statement. Is it possible? How do I do it? I don't want to add it, since "log" in ACL statements eats up a lot of CPU.

Thanks.


John Blakley
VIP Alumni

There's not a way that I'm aware of. ACL entries don't log to the buffer unless you specify the log command. As you stated, if you log everything, you'll likely kill the router. You can log them but also rate limit the messages if you need to, which I've had to do in the past in order to catch traffic going through the router that didn't match any ACLs.

To do that, you can enable "ip access-list log-update threshold threshold-in-msgs".

HTH,
John

*** Please rate all useful posts ***
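The thread does not show what the rate-limited messages look like once they reach the syslog server. As an added example (not from the thread, and not Cisco's own tooling), here is a small Python parser over constructed IOS-style `%SEC-6-IPACCESSLOG` lines that extracts the source/destination address and port the question asks for and sums the per-message packet counts, which matters once `ip access-list log-update threshold` makes a single message stand for many matching packets. The message layout and sample lines are assumptions modelled on the common IOS format.

```python
import re
from collections import defaultdict

# Extended-ACL log messages from IOS (assumed layout): IPACCESSLOGP carries tcp/udp
# with ports, IPACCESSLOGDP carries icmp with "(type/code)", IPACCESSLOGNP other
# protocols by number. Standard-ACL (IPACCESSLOGS) lines are not handled here.
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP|NP): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?(?: \(\d+/\d+\))?, (?P<count>\d+) packets?"
)

# Constructed syslog sample: the first hit of a flow is logged as "1 packet", later
# messages summarise up to the configured log-update threshold (100 here).
SAMPLE_SYSLOG = """\
<189>Jan 12 10:00:01.100: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.5(43210) -> 192.0.2.10(443), 1 packet
<189>Jan 12 10:05:01.200: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 10.1.1.5(43210) -> 192.0.2.10(443), 100 packets
<189>Jan 12 10:05:02.300: %SEC-6-IPACCESSLOGP: list 101 permitted udp 10.1.1.7(5353) -> 192.0.2.53(53), 100 packets
<189>Jan 12 10:05:03.400: %SEC-6-IPACCESSLOGDP: list 101 denied icmp 10.1.1.9 -> 192.0.2.10 (8/0), 3 packets
<189>Jan 12 10:05:04.500: %SYS-5-CONFIG_I: Configured from console by admin on vty0
"""


def parse_acl_log(line):
    """Return a dict of ACL hit fields for one syslog line, or None if it is not an ACL log."""
    m = ACL_LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    return rec


def summarize_hits(lines):
    """Sum matched packets per (acl, action, proto, src, dst, dport).

    Summing the count field, rather than counting messages, gives the real hit
    volume when the router batches hits under ip access-list log-update threshold.
    """
    totals = defaultdict(int)
    for line in lines:
        rec = parse_acl_log(line)
        if rec is None:
            continue  # other syslog messages (e.g. config changes) are skipped
        key = (rec["acl"], rec["action"], rec["proto"], rec["src"], rec["dst"], rec["dport"])
        totals[key] += rec["count"]
    return dict(totals)


if __name__ == "__main__":
    for key, packets in sorted(summarize_hits(SAMPLE_SYSLOG.splitlines()).items()):
        print(key, packets)
```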