ACL logging matched packets
log-input keywords at the end of an ACL
deny statement will cause informational logging of packets that match that particular statement.
The message is generated for the first packet that matches a flow. Subsequently, a message is generated at five minute intervals which includes the number of matched packets in the prior five minute interval.