Hi,
I have a Summit 670-G2 with 600-1000 dynamic ARP entries. On this core switch I've configured an ACL to log every TCP/UDP connection to a syslog:
create access-list Log-connection " source-address 0.0.0.0/0 ; destination-address 0.0.0.0/0 ;" " permit ; log ; mirror-cpu ;" application "Cli"
create access-list log-icmp " source-address 0.0.0.0/0 ; protocol icmp ; destination-address 0.0.0.0/0 ;" " permit ; log ; mirror-cpu ;" application "Cli"
configure access-list add log-icmp last priority 7 zone SYSTEM any ingress
configure access-list add Log-connection last priority 7 zone SYSTEM any ingress
The logging works and I have many connections logged on the syslog... but there are some connections that are not logged.
For example, out of 10 telnet connections I find only 2 logged on the syslog!
Can someone help me understand why?
Is the memory buffer so small?
Thanks!