Threshold-based ACL Logging

Document

Thu, 10/27/2011 - 15:53
Oct 27th, 2011
User Badges:
  • Cisco Employee,

Posted By:

tsammut

Posted Date:

Apr 07, 2008

Category:

Security

Version:

v20080407

License:

Cisco-Style BSD

Summary:

This EEM policy provides threshold-based ACL logging functionality.

Script Modified Date:

Apr 07, 2008

Cisco IOS Version tested:

12.4T

Cisco Products Tested:

Various

Environment Variables used:

EEM_ACL_COUNTERS_INTERVAL, EEM_ACL_COUNTERS_ACL_NAME, EEM_ACL_COUNTERS_THRESHOLD

Rating Count:

0

Average Rating:

0

File Size:

2.6 KB

Script Info URL:



This EEM policy uses the Timer ED to periodically execute the 'show  access-list' command. It then parses the output from that command and  sends a syslog message if the number of matched packets is over the user  configured threshold for the configured time period.    This is a  workaround to the CPU load created by ACL logging.

Loading.

Actions

This Document