cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
318
Views
0
Helpful
1
Replies

send acl logs to syslog without having "log" in each acl statement

gavin han
Level 1
Level 1

Hi All,

is it possible to send acl logs to syslog server without having "log" in each acl statement.

i.e. "permit ip any any"   -> I need to send hits (source/destionation ip/port) for this statement to syslog server without adding "log" at the end of this statement. is it possible? how to do it? i don't want to add it since "log" in acl statements eats up alot of cpu process.

Thanks.

1 Reply 1

John Blakley
VIP Alumni
VIP Alumni

There's not a way that I'm aware of. ACL entries don't log to the buffer unless you specify the log command. As you stated, if you log everything, you'll likely kill the router. You can log them, but also rate limit the messages if you need to which I've had to do in the past in order to catch traffic going through the router that didn't match any acls.

To do that, you can enable "ip access-list log-update threshold threshold-in-msgs".

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
Review Cisco Networking for a $25 gift card