Log / mirror ACL's on Egress

  • Question
  • Updated 3 years ago
  • Answered
I have created an ACL policy and applied it to a VLAN on egress. I know you can log to mirror-cpu on ingress but not egress, but I need a way to find out what is causing problems.

My ACL is written in the format of permits and an explicit deny at the end.

In order to stop my ACL killing service I have changed the explicit deny at the end to an explicit permit, and configured a count.

I can see the count racking up, which it shouldn't, as I am really only denying on a security breach.

Any ideas?

Perhaps the only method is to run a packet capture and just work out what traffic I've missed; of course, logging the denies on the rule would be a lot easier by far.

Thanks in advance.

Martin Flammia


Posted 3 years ago


Martin Flammia


Well, it seems you can! My issue was that I needed the following command:

configure log filter DefaultFilter add event kern.card.info

instead of:

configure log filter DefaultFilter add event kern.info
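
To put that fix in context, here is an added example (not from the original thread, and not Martin's configuration) of an EXOS egress ACL whose final deny entry is both counted and logged, followed by the log filter command from the answer above so that the logged hits actually reach the default log targets. The policy name egress_guard, the VLAN name servers and the 10.1.1.0/24 subnet are assumptions chosen for illustration.

```text
# Added example, not the original poster's config. Names and addresses are assumptions.

# --- egress_guard.pol (create with "edit policy egress_guard") ---
entry permit_mgmt {
    if {
        destination-address 10.1.1.0/24;
    } then {
        permit;
    }
}
entry deny_rest {
    if {
    } then {
        deny;
        count deny_rest_hits;   # counter visible in "show access-list counter"
        log;                    # packet header goes to the syslog component
    }
}

# --- CLI ---
check policy egress_guard
configure access-list egress_guard vlan servers egress

# Without this, the ACL "log" events (kern.card.info) are not passed by
# DefaultFilter, so the counter increments but nothing appears in "show log".
configure log filter DefaultFilter add event kern.card.info
enable log target memory-buffer

# Verify: counter should increase and each deny should now be logged.
show access-list counter vlan servers egress
show log
```

Keeping the count alongside the log gives a cheap sanity check: if the counter rises but no messages appear, the problem is the log filter rather than the ACL itself, which is exactly the situation described in the question.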



Drew C., Community Manager

Sounds like you figured this one out over the weekend. Thanks for coming back to update the post.