ACL Log

  • 0
  • 1
  • Question
  • Updated 6 months ago
  • Answered
Hi,
I've configured an ACL on our Extreme Summit 670 core switch for log connection inside our network.
This is the ACL config:
create access-list Log-connection " source-address 172.26.8.0/21 ; destination-address 172.26.8.0/21 ;" " permit  ; log  ; mirror-cpu  ;" application "Cli"
Applied to all VLAN and all port:

configure access-list add Log-connection last priority 0 zone SYSTEM any ingress
I've redirect all log to my NMS syslogd but I have fear about the switch harddrive.
Someone know where this log is stored on the switch?
Thanks,

Paolo Trivisonno
Photo of Paolo Trivisonno

Paolo Trivisonno

  • 70 Points

Posted 6 months ago

  • 0
  • 1
Photo of Necheporenko, Nikolay

Necheporenko, Nikolay, Employee

  • 1,600 Points 1k badge 2x thumb
Hello Paolo,

You have to enable log events additionally, please check the article for more details - https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-Capture-received-packets-using-an-A...

Best Regards,
Nikolay
Photo of Paolo Trivisonno

Paolo Trivisonno

  • 162 Points 100 badge 2x thumb
Yes, I've configured the ACL after read this post.. the ACL log works.. I saw log on the switch and on my syslog.
The question is another.. where is stored the log on the switch?
We have many traffic 172.26.8.0/21 -> 172.26.8.0/21 logged..
I'm afraid with this ACL the log can fill all drive/memory..
How I can check the log size? Where is stored?
Thanks

King Regards
Paolo Trivisonno
Photo of Necheporenko, Nikolay

Necheporenko, Nikolay, Employee

  • 1,600 Points 1k badge 2x thumb
In your case log events are stored at the memory-buffer, default buffer size is 1000 messages then the old one will be overwritten.

X70G2.1 # sh log configuration 
Debug-Mode: Enabled

Log Target      : memory-buffer
    Enabled     : yes
    Filter Name : DefaultFilter
    Match regex : Any
    Severity    : Debug-Data (through Critical)
    Format      : MM/DD/YYYY HH:MM:SS.hh <Severity:Component.SubComponent.Condition> 
    Buffer size  : 1000 messages
    Percent Full : 55%
    Full Alert   : None

Best Regards,
Nikolay