ACL logging

ACL logs can provide insight into permitted and denied network traffic.

If an ACL rule matches a packet, the software generates a syslog entry and an SNMP trap, and starts a five-minute timer. The timer keeps track of all packets that match the ACL entries. After about five minutes, the software generates a syslog entry reporting the matches.

Note the following details:
  • If the packet rate is high—exceeding the CPU processing rate—the packet count may be inaccurate.
  • If there are no matches within the five-minute timer interval, the timer stops, restarting with the next match.
  • The timer for logging packets denied by MAC address filters is a different timer than the ACL logging timer.
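The timer behavior described above can be modeled to see which log entries a given traffic pattern produces. The following Python sketch is an added example, not vendor code. It assumes a fixed 300-second interval, that the entry generated on the first match accounts for that one packet, and that each later entry reports only the matches counted during the interval that just ended. The event names and the sample timestamps are constructed for illustration, and the inaccurate counts possible at high packet rates are not modeled.

```python
from dataclasses import dataclass

INTERVAL = 300  # seconds; the documentation says "about five minutes"

@dataclass
class LogEvent:
    time: int   # second at which the entry is generated
    kind: str   # "first-match" or "summary" (labels made up for this model)
    count: int  # packets the entry accounts for

def simulate_acl_logging(match_times, interval=INTERVAL):
    """Return the log entries generated for packets matching at match_times."""
    events = []
    window_end = None  # None means the timer is stopped
    count = 0          # matches seen in the running interval
    for t in sorted(match_times):
        # Close every interval that expired before this packet arrived.
        while window_end is not None and t >= window_end:
            if count:
                events.append(LogEvent(window_end, "summary", count))
                count = 0
                window_end += interval  # matches were seen: timer keeps running
            else:
                window_end = None       # empty interval: timer stops
        if window_end is None:
            # Timer stopped: this match is logged at once and restarts the timer.
            events.append(LogEvent(t, "first-match", 1))
            window_end = t + interval
        else:
            count += 1                  # reported only when the interval ends
    if window_end is not None and count:
        events.append(LogEvent(window_end, "summary", count))
    return events

if __name__ == "__main__":
    # Constructed sample: a burst, one late packet, then silence, then one packet.
    for e in simulate_acl_logging([0, 10, 20, 290, 310, 1000]):
        print(f"t={e.time:>5}s  {e.kind:<11}  packets={e.count}")
```

In this model, a packet that matched at t=10 first appears in the entry generated at t=300, so correlating ACL log entries with other sources needs a tolerance of roughly one timer interval.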