Enabling IPv4 ACL rules for logging

  1. Enter the configure terminal command to access global configuration mode.
    device# configure terminal
    
  2. Enter the ip access-list command to create or modify an access list.
    device(config)# ip access-list standard ip_acl_1
    
  3. For each ACL rule for which you need logging, include the log keyword.
    device(conf-ipacl-std)# seq 5 permit host 10.20.33.4 log
    
  4. Apply the ACL that you created to the appropriate interface.
  5. (Optional) To display ACL logs, enter the show access-list-log buffer command.
    device# show access-list-log buffer
    Frames Logged on interface 2/1 :
    --------------------------------
    Frame Received Time : Fri Dec 9 3:8:48 2011
    Ethernet,       Src : (00:34:56:78:0a:ab), Dst: (00:12:ab:54:67:da)
      Ethtype             : 0x8100
      Vlan tag type       : 0x800
      VlanID              : 0x1
    Internet proto, Src : 192.85.1.2, Dst: 192.0.0.1
      Interface           :
      Type of service     : 0
      Length              : 110
      Identification      : 0
      Fragmentation       : 00 00
      TTL                 : 255
      protocol            : 253
      Checksum            : 39 3a
      Payload type        :
    packet(s) repeated  : 30
    Ingress Deny Logged
    
Note

If an ACL with rules that contain the log keyword is applied to the management interface, logs are not recorded for that ACL.