log

Use this command to generate a Syslog on rule hits.

Syntax

log [entry | implicit | all]
no log [entry | implicit | all]

Parameters

entry (Optional) Specifies a sequence numbered entry to log when a hit occurs. Valid values: 1 - 5000. Default value: all
implicit (Optional) Specifies the logging of a final implicit deny hit.
all (Optional) Specifies that all hits are to be logged, including the final implicit deny.

Defaults

If no option is specified, all hits are logged, including the final implicit deny.

Mode

Configuration command, L2 ACL configuration mode.

Usage

ACL logging is throttled to 1 log message per second. If there are multiple ACL rules with logging enabled (log or log-verbose), and more then one frame is transmitted per second that can hit those rules, only the first frame will generate a message. Logging is sampling and does not report every time that a rule with logging enabled is hit.

The “no” version of this command removes the last (if duplicate entries exist) or the specified (if no duplicate entries exist) log entry.

Example

This example enters configuration mode for L2 ACL list 2 and enables la detailed logging level for a final implicit deny hit:

System(rw-config)->l2 access-list list2
System(rw-cfg-l2-acl)->log implicit
System(rw-cfg-l2-acl)->