Is it possible e.g. to mark packets for a specific ACL?
if all the ACL marked to Log keyword used, then all will be mixed, i do not believe any specific can be done, instead you can send the Logs to syslog server and make own scripts to standardise them as per the requirement, is this what you intend to do ?
@balaji.bandiI am currently sending logs to ELK (logstash), but I cannot show which packet is from which ACL.
A given log item has: Src. adr, Dest adr, Src port, Dest port, Src Interface and creation time.
@Georg Pauwen show logging ip access-list cache [detail] | ?
after pipe i cannot type acl
show logging ip access-list cache detail | ? awk Mini AWK cut Print selected parts of lines. diff Show difference between current and previous invocation (creates temp files: remove them with 'diff-clean' command and dont use it on commands with big outputs, like 'show tech'!) egrep Egrep - print lines matching a pattern email Email command output grep Grep - print lines matching a pattern head Display first lines human Output in human format json Output in json format json-pretty Output in json pretty print format last Display last lines less Filter for paging no-more Turn-off pagination for command output section Show lines that include the pattern as well as the subsequent lines that are more indented than matching line sed Stream Editor sort Stream Sorter tr Translate, squeeze, and/or delete characters uniq Discard all but one of successive identical lines vsh The shell that understands cli command wc Count words, lines, characters xml Output in xml format (according to .xsd definitions) xmlin Convert CLI show commands to their XML formats xmlout Output in xml format (according to the latest .xsd version) begin Begin with the line that matches count Count number of lines end End with the line that matches exclude Exclude lines that match include Include lines that match