ACL logging matched packets
Using the log
or log-input
keywords at the end of an ACL permit
or deny
statement will cause informational logging of packets that match that particular statement.
The message is generated for the first packet that matches a flow. Subsequently, a message is generated at five minute intervals which includes the number of matched packets in the prior five minute interval.