The IP Access List Logging feature logs messages about packets that are permitted or denied by an IP access list. Each packet that matches the access list generates an informational message about the packet at the device console. Matched packets are also counted in the output of the show access-lists command.
Logging is configured by adding the log keyword at the end of an ACL entry. In the following example, the access list is configured to log any packets that match the deny statement:
R2(config)#access-list 100 permit tcp 18.104.22.168 0.0.0.255 host 22.214.171.124 eq 80
R2(config)#access-list 100 deny ip any any log
The output of the show access-lists command indicates the number of matched packets that have been logged:
R2#show access-lists
Extended IP access list 100
    10 permit tcp 126.96.36.199 0.0.0.255 host 188.8.131.52 eq www
    20 deny ip any any log (1 match)
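
The messages that the log keyword produces can be summarized per flow once they are collected from the console or a syslog server. The following is an added example, not part of the original page: it assumes the usual IOS %SEC-6-IPACCESSLOGP and %SEC-6-IPACCESSLOGDP message layout (which the page does not show), and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed IOS ACL log message layout.
# Addresses are RFC 5737 documentation ranges, not values from the page.
SAMPLE_LOG = """\
*Mar  1 00:10:02.123: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(51514) -> 198.51.100.5(23), 1 packet
*Mar  1 00:15:02.456: %SEC-6-IPACCESSLOGP: list 100 denied tcp 192.0.2.10(51514) -> 198.51.100.5(23), 4 packets
*Mar  1 00:15:09.001: %SEC-6-IPACCESSLOGDP: list 100 denied icmp 203.0.113.7 -> 198.51.100.5 (8/0), 1 packet
*Mar  1 00:16:00.000: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 00:17:30.250: %SEC-6-IPACCESSLOGP: list 100 denied udp 203.0.113.7(40000) -> 198.51.100.9(161), 2 packets
"""

# Ports are present for TCP/UDP (LOGP); ICMP (LOGDP) carries "(type/code)" instead.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGD?P: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?(?: \(\d+/\d+\))?, "
    r"(?P<count>\d+) packets?"
)

def parse_acl_log(text):
    """Yield one dict per ACL log message; unrelated syslog lines are skipped."""
    for line in text.splitlines():
        m = ACL_LOG.search(line)
        if m:
            rec = m.groupdict()
            rec["count"] = int(rec["count"])
            yield rec

def denied_packets_by_flow(text, acl="100"):
    """Sum packet counts per (src, dst, proto, dport) for denied entries of one ACL."""
    totals = Counter()
    for rec in parse_acl_log(text):
        if rec["acl"] == acl and rec["action"] == "denied":
            totals[(rec["src"], rec["dst"], rec["proto"], rec["dport"])] += rec["count"]
    return totals

if __name__ == "__main__":
    # Print the noisiest denied flows first.
    for flow, packets in denied_packets_by_flow(SAMPLE_LOG).most_common():
        print(packets, flow)
```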