Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
362
Views
0
Helpful
0
Comments

Threshold-based ACL Logging

Jason Pfeifer
Cisco Employee
Cisco Employee

on ‎10-27-2011 03:52 PM

Posted By:

tsammut

Posted Date:

Apr 07, 2008

Category:

Security

Version:

v20080407

License:

Cisco-Style BSD

Summary:

This EEM policy provides threshold-based ACL logging functionality.

Script Modified Date:

Apr 07, 2008

Cisco IOS Version tested:

12.4T

Cisco Products Tested:

Various

Environment Variables used:

EEM_ACL_COUNTERS_INTERVAL, EEM_ACL_COUNTERS_ACL_NAME, EEM_ACL_COUNTERS_THRESHOLD

Rating Count:

0

Average Rating:

0

File Size:

2.6 KB

Script Info URL:

This EEM policy uses the Timer ED to periodically execute the 'show  access-list' command. It then parses the output from that command and  sends a syslog message if the number of matched packets is over the user  configured threshold for the configured time period.    This is a  workaround to the CPU load created by ACL logging.

Labels:
116247-Threshold-based_ACL_Logging.tar.gz
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents