ServerIron ADX Administration Guide, 53-1002434-01
Using Syslog
The first time an entry in an ACL denies a packet and logging is enabled for that entry, the software
generates a Syslog message and an SNMP trap. Messages for packets denied by ACLs are at the
warning level of the Syslog.
When the first Syslog entry for a packet denied by an ACL is generated, the software starts a
five-minute ACL timer. After this, the software sends Syslog messages every five minutes. The
messages list the number of packets denied by each ACL during the previous five-minute interval. If
an ACL entry does not deny any packets during the five-minute interval, the software does not
generate a Syslog entry for that ACL entry.
NOTE
For an ACL entry to be eligible to generate a Syslog entry for denied packets, logging must be
enabled for the entry. The Syslog contains entries only for the ACL entries that deny packets and
have logging enabled.
In this example, the two-line message at the bottom is the first entry, which the software
immediately generates the first time an ACL entry permits or denies a packet. In this case, an entry
in ACL 101 denied a packet. The packet was a TCP packet from host 209.157.22.198 and was
destined for TCP port 80 (HTTP) on host 198.99.4.69.
When the software places the first entry in the log, the software also starts the five-minute timer for
subsequent log entries. Thus, five minutes after the first log entry, the software generates another
log entry and SNMP trap for denied packets.
In this example, the software generates the second log entry five minutes later. The second entry
indicates that the same ACL denied two packets.
The time stamp for the third entry is much later than the time stamps for the first two entries. In
this case, no ACLs denied packets for a very long time. In fact, since no ACLs denied packets during
the five-minute interval following the second entry, the software stopped the ACL log timer. The
software generated the third entry as soon as the ACL denied a packet. The software restarted the
five-minute ACL log timer at the same time. As long as at least one ACL entry permits or denies a
packet, the timer continues to generate new log entries and SNMP traps every five minutes.
Here are some examples of log messages for CLI access.
ServerIronADX(config)# show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 38 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning
Log Buffer (50 entries):
21d07h02m40s:warning:list 101 denied tcp 209.157.22.191(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets
00d07h03m30s:warning:list 101 denied tcp 209.157.22.26(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets
00d06h58m30s:warning:list 101 denied tcp 209.157.22.198(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 1 packets
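As an added example (not from the guide or Brocade), the following Python parser reads the ACL-deny entries shown above, converts the DDdHHhMMmSSs uptime stamp to seconds, totals denied packets per ACL, and applies the five-minute timer rule from the text to tell an immediately generated first entry from a periodic interval summary. The sample is the three entries above rejoined onto single lines; the field and function names are assumptions.

```python
import re
from collections import namedtuple

# Matches the ACL-deny line format from the show log output above:
#   DDdHHhMMmSSs:<level>:list <acl> denied <proto> <src>(<sport>)(<iface> <mac>) -> <dst>(<dport>), <n> packets
ACL_DENY_RE = re.compile(
    r"^(?P<d>\d+)d(?P<h>\d+)h(?P<m>\d+)m(?P<s>\d+)s:(?P<level>\w+):"
    r"list (?P<acl>\d+) denied (?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\w+)\)"
    r"\((?P<iface>[\w /]+?) (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\w+)\), (?P<count>\d+) packets$"
)
ACL_TIMER_SECS = 5 * 60  # the five-minute ACL log timer described in the text

# uptime is seconds since boot, computed from the DDdHHhMMmSSs stamp (field names assumed)
AclDeny = namedtuple("AclDeny", "uptime acl proto src iface mac dst dport count")

def parse_line(line):
    """Parse one log-buffer line; return an AclDeny, or None for any other line."""
    m = ACL_DENY_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    uptime = ((int(g["d"]) * 24 + int(g["h"])) * 60 + int(g["m"])) * 60 + int(g["s"])
    return AclDeny(uptime, g["acl"], g["proto"], g["src"], g["iface"], g["mac"],
                   g["dst"], g["dport"], int(g["count"]))

def classify(entries):
    """Sort by uptime and tag each entry 'first' (logged immediately after an idle
    period, timer restarted) or 'periodic' (a five-minute interval summary)."""
    tagged, prev = [], None
    for e in sorted(entries, key=lambda e: e.uptime):
        gap = None if prev is None else e.uptime - prev.uptime
        tagged.append((e, "first" if gap is None or gap > ACL_TIMER_SECS else "periodic"))
        prev = e
    return tagged

def denied_per_acl(entries):
    """Total packets denied per ACL across all parsed entries."""
    totals = {}
    for e in entries:
        totals[e.acl] = totals.get(e.acl, 0) + e.count
    return totals

# Constructed sample: the three entries from the show log output above, each on one line.
SAMPLE = [
    "21d07h02m40s:warning:list 101 denied tcp 209.157.22.191(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets",
    "00d07h03m30s:warning:list 101 denied tcp 209.157.22.26(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 2 packets",
    "00d06h58m30s:warning:list 101 denied tcp 209.157.22.198(0)(Ethernet 4/18 0010.5a1f.77ed) -> 198.99.4.69(http), 1 packets",
]
```

Running `classify([parse_line(l) for l in SAMPLE])` tags the 06h58m30s entry as the first entry, the 07h03m30s entry (exactly five minutes later) as periodic, and the 21-day entry as a new first entry after the timer stopped.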