Is there a way to get, from the syslog messages, which ACE of an ACL triggered a deny?
frex, I have an object, Blocked_addresses, which contains 30 addresses. This is used in a deny in an ACL. This element of the ACL shows a bunch of hits, but no details as to which element was matched.
I don't want to search the log repository for the whole list of IPs to see which one hit, I'd like to search the syslog for the specific ACE, so I can quickly isolate those messages.
I know each ACE has it's own identifier, but do they show up in the syslog in a usable format?