IPv4 Access Control Lists (ACLs)
Enable ACL “Deny” Logging
Configuring the Logging Timer
By default, the wait period for logging “deny” matches (described above in
“ACL Logging Operation”) is approximately five minutes (300 seconds). You
can manually set the wait period timer to an interval between 30 and 300
seconds, using the access-list command from the config context. This setting
is stored in the switch configuration.
Syntax: access-list logtimer <default | <30-300>>
From config context: This command sets the wait period timer
for logging “deny” messages to the SYSLOG server or other
destination device(s). The first time a packet matches an ACE
with deny and log configured, the message is sent immediately
to the destination and the switch starts a wait period of
approximately five minutes (default value). (The exact duration
of the period depends on how the packets are internally
routed.) At the end of the wait period, the switch sends a single-line
summary of any additional “deny” matches for that ACE
(and any other “deny” ACEs for which the switch detected a
match). If no further log messages are generated in the wait
period, the switch suspends the timer and resets itself to send
a message as soon as a new “deny” match occurs.
• default — sets the wait period timer to 300 seconds.
• <30-300> — sets the wait period timer to the specified number
of seconds.
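
The following is an added example, not code from the switch or its vendor: a simplified Python model of the wait-period behavior described above, showing which messages a SYSLOG collector would receive for a given series of "deny" matches. It assumes a single timer shared by all "deny" ACEs and that a new wait period begins after each summary; the function name, ACE labels and timestamps are constructed for illustration.

```python
from collections import Counter

# Constructed sample: (seconds since start, ACE label) for each "deny" match.
SAMPLE = [(0, "ace10"), (10, "ace10"), (20, "ace20"), (299, "ace10"), (700, "ace10")]

def simulate_deny_logging(matches, wait=300):
    """Return the (time, kind, detail) messages this model would send.

    kind is "immediate" (first match while the timer is suspended) or
    "summary" (one line covering all further matches in a wait period).
    """
    if not 30 <= wait <= 300:
        raise ValueError("logtimer accepts 30-300 seconds")
    out = []
    deadline = None       # None means the timer is suspended
    pending = Counter()   # matches seen during the current wait period
    for t, ace in sorted(matches):
        # Close every wait period that expired before this match arrived.
        while deadline is not None and t >= deadline:
            if pending:
                out.append((deadline, "summary", dict(pending)))
                pending.clear()
                deadline += wait   # assumption: timer keeps running after a summary
            else:
                deadline = None    # quiet period: timer suspended
        if deadline is None:
            out.append((t, "immediate", ace))
            deadline = t + wait
        else:
            pending[ace] += 1
    if pending:                    # summary for the final wait period
        out.append((deadline, "summary", dict(pending)))
    return out

if __name__ == "__main__":
    for wait in (300, 30):
        print(f"logtimer {wait}:")
        for msg in simulate_deny_logging(SAMPLE, wait):
            print("  ", msg)
```

With the default timer, the matches at 10, 20 and 299 seconds appear only as counts in the summary sent at 300 seconds; with the timer set to 30, the match at 299 seconds is reported immediately with its own timestamp.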