Enables Raslog messages for ACL rules with log keywords, and specifies how long the system waits before sending an ACL Raslog message.
ACL Raslogs are not enabled.
ACL policy configuration mode
When this feature is enabled, the initial Raslog message is generated at the first match for an ACL rule that includes the log keyword. Consequent Raslog messages are generated according to the current no acl-log-raslog value.
To restore the default disablement of this feature, use the no acl-log-raslog form of this command.
To restore the default 5-minute setting of this feature, use the no acl-log-raslog log-interval form of this command.
The following example enables ACL Raslogs on the device.
device# configure terminal device(config)# acl-policy device(config-acl-policy)# acl-log-raslog
The following example disables ACL Raslogs on the device.
device# configure terminal device(config)# acl-policy device(config-acl-policy)# no acl-log-raslog
The following example changes the current log-interval setting to 8 minutes.
device# configure terminal device(config)# acl-policy device(config-acl-policy)# acl-log-raslog log-interval 8
The following example restores the current log-interval setting to the default value of 5 minutes.
device# configure terminal device(config)# acl-policy device(config-acl-policy)# acl-log-raslog log-interval 8
The following output is an ACL Raslog example.
MAC ACL mac_2 permitted 1 packets on intf eth1/6 [SA:0010.1010.1001, DA:0001.0300.0500, Type:0, VLAN:101, SIP:0.0.0.0, DIP:0.0.0.0, l3_proto:none, src_port:0, dst_port:0] IP ACL v4acl denied 1 packets on intf eth1/6 [SA:0001.0300.0400,DA:0001.0300.0500, Type:800, VLAN:100, SIP:2.2.2.2, DIP:6.6.6.6, l3_proto:udp, src_port:66, dst_port:77] IPv6 ACL v6acl permitted 1 packets on intf po44 [SA:0001.0300.0400,DA:0001.0300.0500, Type:86dd, VLAN:100, SIP:fe80::201:3ff:fe00:400, DIP:3555:5555:6666:6666:7777:7777:8888:8888, l3_proto:udp, src_port:63, dst_port:63]