Default settings, Managing deny flows, Monitoring deny flows – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 20 Configuring Logging for Access Lists
Default Settings
Table 20-3 lists the default settings for managing deny flows.

Table 20-3 Default Parameters for Managing Deny Flows

| Parameters | Default |
|---|---|
| numbers | The numbers argument specifies the maximum number of deny flows. The default is 4096. |
| secs | The secs argument specifies the time, in seconds, between syslog messages. The default is 300. |

Managing Deny Flows
To configure the maximum number of deny flows and to set the interval between deny flow alert messages (106100), enter the following command:

| Command | Purpose |
|---|---|
| access-list deny-flow-max number. Example: hostname(config)# access-list deny-flow-max 3000 | Sets the maximum number of deny flows. The numbers argument specifies the maximum number, which can be between 1 and 4096. The default is 4096. |

To set the amount of time between syslog messages (number 106101), which identifies that the maximum number of deny flows was reached, enter the following command:

| Command | Purpose |
|---|---|
| access-list alert-interval secs. Example: hostname(config)# access-list alert-interval 200 | Sets the time, in seconds, between syslog messages. The secs argument specifies the time interval between each deny flow maximum message. Valid values are from 1 to 3600 seconds. The default is 300 seconds. |

Monitoring Deny Flows
To monitor access lists, enter one of the following commands:

| Command | Purpose |
|---|---|
| show access-list | Displays access list entries by number. |
| show running-config access-list | Displays the current running access list configuration. |
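
The following added example, which is not part of the Cisco guide, checks saved output of show running-config access-list against the defaults and ranges given above and reports the values in force. The function name, the sample configuration (including its access list entry) and the assumption that an absent command means the default applies are this example's own.

```python
import re

# Defaults and valid ranges as stated on this page.
SETTINGS = {
    "deny-flow-max": {"default": 4096, "min": 1, "max": 4096},
    "alert-interval": {"default": 300, "min": 1, "max": 3600},
}
LINE_RE = re.compile(r"^\s*access-list\s+(deny-flow-max|alert-interval)\s+(\S+)\s*$")


def audit_deny_flow_settings(config_text):
    """Return (effective, findings) for the two deny-flow settings.

    Assumption: a command that is absent from the text is at its default.
    """
    effective = {name: spec["default"] for name, spec in SETTINGS.items()}
    seen, findings = set(), []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # access list entries and unrelated lines are skipped
        name, raw = m.groups()
        spec = SETTINGS[name]
        if name in seen:
            findings.append(f"line {lineno}: {name} appears more than once")
        seen.add(name)
        if raw.isdecimal() and spec["min"] <= int(raw) <= spec["max"]:
            effective[name] = int(raw)  # this checker keeps the last valid value
        else:
            findings.append(f"line {lineno}: {name} {raw} is outside "
                            f"{spec['min']}-{spec['max']}")
    for name in sorted(SETTINGS.keys() - seen):
        findings.append(f"{name} not set, default {SETTINGS[name]['default']} applies")
    return effective, findings


# Constructed sample shaped like saved running-config output (not from the guide).
SAMPLE_CONFIG = """\
access-list outside_in extended deny ip any any log
access-list deny-flow-max 3000
access-list alert-interval 7200
"""

if __name__ == "__main__":
    effective, findings = audit_deny_flow_settings(SAMPLE_CONFIG)
    print(effective)
    for finding in findings:
        print(" -", finding)
```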