Displaying acl statistics for flow-based acls – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide


53-1003250-01

ACL logging


NOTE

For an ACL entry to be eligible to generate a Syslog entry for permitted or denied packets, logging
must be enabled for the entry. The Syslog contains entries only for the ACL entries that deny packets
and have logging enabled.

To display Syslog entries, enter the following command from any CLI prompt.

Virtual ADX (config)#show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 38 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning
Log Buffer (50 entries):
21d07h02m40s:warning:list 101 denied tcp 10.157.22.191(0)(Ethernet 4/18
0010.5a1f.77ed) -> 10.99.4.69(http), 1 event(s)
00d07h03m30s:warning:list 101 denied tcp 10.157.22.26(0)(Ethernet 4/18
0010.5a1f.77ed) -> 10.99.4.69(http), 1 event(s)
00d06h58m30s:warning:list 101 denied tcp 10.157.22.198(0)(Ethernet 4/18
0010.5a1f.77ed) -> 10.99.4.69(http), 1 event(s)

In this example, the two-line message at the bottom is the first entry, which the software
immediately generates the first time an ACL entry permits or denies a packet. In this case, an entry
in ACL 101 denied a packet. The packet was a TCP packet from host 10.157.22.198 and was
destined for TCP port 80 (HTTP) on host 10.99.4.69.

When the software places the first entry in the log, the software also starts the five-minute timer for
subsequent log entries. Thus, five minutes after the first log entry, the software generates another
log entry and SNMP trap for denied packets.

In this example, the software generates the second log entry five minutes later.

The time stamp for the third entry is much later than the time stamps for the first two entries. In
this case, no ACLs denied packets for a very long time. In fact, since no ACLs denied packets during
the five-minute interval following the second entry, the software stopped the ACL log timer. The
software generated the third entry as soon as the ACL denied a packet. The software restarted the
five-minute ACL log timer at the same time. As long as at least one ACL entry permits or denies a
packet, the timer continues to generate new log entries and SNMP traps every five minutes.

You can also configure the maximum number of ACL-related log entries that can be added to the
system log over a one-minute period. For example, to limit the device to 100 ACL-related Syslog
entries per minute, enter the following command.

Virtual ADX (config)#max-acl-log-num 100

Syntax: [no] max-acl-log-num num

You can specify a number from 0 through 4096. The default is 256. Specifying 0 disables all ACL
logging.

Displaying ACL statistics for flow-based ACLs

To display ACL statistics for flow-based ACLs, enter the following command.

Virtual ADX (config)#show ip acl-traffic
======Data ACL permit/deny counters======
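As an added example (not from the Brocade manual), the following Python parser reads the ACL entries in the show log output shown in this section, converts the device-uptime stamps to seconds so the five-minute spacing of timer-generated entries can be checked, and tallies denied events per source address for SIEM triage. The field layout is an assumption inferred from the three example lines; the sample input is constructed from them with each wrapped message rejoined onto one line.

```python
import re

# Constructed sample input: the three ACL entries from the 'show log' output above,
# with each two-line message rejoined onto a single line.
SAMPLE_LOG = """\
Log Buffer (50 entries):
21d07h02m40s:warning:list 101 denied tcp 10.157.22.191(0)(Ethernet 4/18 0010.5a1f.77ed) -> 10.99.4.69(http), 1 event(s)
00d07h03m30s:warning:list 101 denied tcp 10.157.22.26(0)(Ethernet 4/18 0010.5a1f.77ed) -> 10.99.4.69(http), 1 event(s)
00d06h58m30s:warning:list 101 denied tcp 10.157.22.198(0)(Ethernet 4/18 0010.5a1f.77ed) -> 10.99.4.69(http), 1 event(s)
"""

# Assumed layout, inferred from the example lines: uptime:severity:list <acl> <action> <proto>
# <src>(<sport>)(<interface> <mac>) -> <dst>(<dport>), <n> event(s)
ACL_LINE = re.compile(
    r"^(?P<d>\d+)d(?P<h>\d+)h(?P<m>\d+)m(?P<s>\d+)s:(?P<severity>\w+):"
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\w+)\)\((?P<iface>[^)]+?) (?P<mac>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\w+)\), (?P<events>\d+) event\(s\)$"
)

def parse_acl_log(text):
    """Return one dict per ACL log line; other Syslog lines (buffer header etc.) are skipped."""
    entries = []
    for line in text.splitlines():
        m = ACL_LINE.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        # The ADX stamps entries with device uptime (DDdHHhMMmSSs), not wall-clock time.
        days, hrs, mins, secs = (int(g.pop(k)) for k in ("d", "h", "m", "s"))
        g["uptime_s"] = ((days * 24 + hrs) * 60 + mins) * 60 + secs
        g["events"] = int(g["events"])
        entries.append(g)
    return entries

def intervals(entries):
    """Seconds between consecutive entries, oldest first ('show log' prints newest first).
    Entries produced by the running ACL log timer are 300 s apart; a larger gap means the
    timer had stopped and the entry was generated on the next matching packet."""
    ordered = sorted(entries, key=lambda e: e["uptime_s"])
    return [b["uptime_s"] - a["uptime_s"] for a, b in zip(ordered, ordered[1:])]

def denied_by_source(entries):
    """Sum denied event counts per source address."""
    counts = {}
    for e in entries:
        if e["action"] == "denied":
            counts[e["src"]] = counts.get(e["src"], 0) + e["events"]
    return counts
```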
