Configures enhanced firewall logging
logging [icmp-all|icmp-packet-drop|malformed-packet-drop|verbose]
logging icmp-all
logging verbose
logging [icmp-packet-drop|malformed-packet-drop] [all|rate-limited]
logging icmp-all
| logging | Configures enhanced firewall logging parameters |
| icmp-all | Enables logging of all ICMPv4/v6 packets allowed by the firewall. This option is disabled by default. |
logging verbose
|
logging |
Configures enhanced firewall logging. This option is disabled by default. |
|
verbose |
Enables verbose logging |
logging [icmp-packet-drop|malformed-packet-drop] [all|rate-limited]
|
logging |
Configures enhanced firewall logging |
|
icmp-packet-drop |
Enables logging of ICMP (ICMPv4 and ICMPv6) packets that do not pass sanity checks. The default is none. |
|
malformed-packet-drop |
Enables logging of raw IP (IPv4 and IPv6) packets that do not pass sanity checks. The default is none. |
|
all |
Logs all messages |
|
rate-limited |
Enables rate-limited logging. This option sets the rate limit for log messages to one message every 20 seconds. |
nx9500-6C8809(config-fw-policy-testFW)#logging verbose
nx9500-6C8809(config-fw-policy-testFW)#logging icmp-packet-drop rate-limited
nx9500-6C8809(config-fw-policy-testFW)#logging malformed-packet-drop all
nx9500-6C8809(config-fw-policy-testFW)#show context firewall-policy testFW ip dos fraggle drop-only ip dos tcp-sequence-past-window drop-only ip dos tcp-max-incomplete high 600 ip dos tcp-max-incomplete low 60 ip-mac conflict drop-only ip-mac routing conflict log-and-drop log-level notifications flow timeout icmp 16000 flow timeout udp 10000 flow timeout tcp established 1500 flow timeout other 16000 dhcp-offer-convert ipv6 routing-type two log-and-drop log-level warnings ipv6 dos hop-limit-zero drop-only alg facetime logging icmp-packet-drop rate-limited logging malformed-packet-drop all logging verbose dns-snoop entry-timeout 1200 ipv6-mac routing conflict drop-only nx9500-6C8809(config-fw-policy-testFW)#
nx9500-6C8809(config-fw-policy-test2)#show context firewall-policy test2 no ip dos tcp-sequence-past-window nx9500-6C8809(config-fw-policy-test2)#
nx9500-6C8809(config-fw-policy-test2)#logging icmp-all
nx9500-6C8809(config-fw-policy-test2)#show context firewall-policy test2 no ip dos tcp-sequence-past-window logging icmp-all nx9500-6C8809(config-fw-policy-test2)
| no |
Disables enhanced firewall logging |