Enabling ACL Logging On The Switch - HP 2530 Manual Supplement

Example 50 Content of messages generated by an ACL-deny action
Example of subsequent deny events detected by the switch for the same ACE.
ACL 12/01/08 10:04:45 List NO-TELNET, seq#10 denied tcp 2001:db8:0:1ae::1a:3(1612) ->2001:db8:0:1ad::1a:2(23) on vlan 1, port A7
Example syslog report of the first deny event detected by the switch for this ACE.
Dec 1 10:04:45 2008:db8:0:1ad::1a:1 ACL:
ACL 12/01/08 10:04:45 : ACL NO-TELNET seq#10 denied 6 packets
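
As an added example (not from the HP manual), the following Python code parses the two message formats shown in Example 50 and totals denied packets per ACE, as a syslog collector might. The function names, the sample lines and the choice to count a detailed message as one packet are assumptions; only the TCP layout shown above is handled.

```python
import ipaddress
import re
from collections import Counter

# Example 50 formats: DETAIL is one denied packet with endpoints; SUMMARY is a count.
DETAIL = re.compile(
    r"ACL (?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) List (?P<acl>\S+), seq#(?P<seq>\d+) "
    r"denied (?P<proto>\S+) (?P<src>\S+?)\((?P<sport>\d+)\)\s*->\s*"
    r"(?P<dst>\S+?)\((?P<dport>\d+)\) on vlan (?P<vlan>\d+), port (?P<port>\S+)")
SUMMARY = re.compile(
    r"ACL (?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) : ACL (?P<acl>\S+) "
    r"seq#(?P<seq>\d+) denied (?P<count>\d+) packets")

def parse_deny(line):
    """Return a dict for either message format, or None if the line is neither."""
    m = DETAIL.search(line)
    if m:
        ev = m.groupdict()
        try:  # reject lines whose endpoints are not valid IPv4/IPv6 addresses
            ev["src"] = ipaddress.ip_address(ev["src"])
            ev["dst"] = ipaddress.ip_address(ev["dst"])
        except ValueError:
            return None
        ev.update(kind="detail", count=1, seq=int(ev["seq"]),
                  sport=int(ev["sport"]), dport=int(ev["dport"]))
        return ev
    m = SUMMARY.search(line)
    if m:
        ev = m.groupdict()
        ev.update(kind="summary", count=int(ev["count"]), seq=int(ev["seq"]))
        return ev
    return None

def denied_per_ace(lines):
    """Sum reported packets per (ACL name, seq#); a detailed message counts as 1."""
    totals = Counter()
    for ev in filter(None, map(parse_deny, lines)):
        totals[(ev["acl"], ev["seq"])] += ev["count"]
    return totals

# Constructed sample: the two Example 50 messages plus one malformed line.
HDR = "Dec 1 10:04:45 2008:db8:0:1ad::1a:1 ACL: "
SAMPLE = [
    HDR + "ACL 12/01/08 10:04:45 List NO-TELNET, seq#10 denied tcp "
          "2001:db8:0:1ae::1a:3(1612)->2001:db8:0:1ad::1a:2(23) on vlan 1, port A7",
    HDR + "ACL 12/01/08 10:04:45 : ACL NO-TELNET seq#10 denied 6 packets",
    "ACL 12/01/08 10:04:45 List NO-TELNET, seq#10 denied tcp "
    "bogus(1612)->2001:db8:0:1ad::1a:2(23) on vlan 1, port A7",
]
```

Calling denied_per_ace(SAMPLE) groups the detailed message and the summary under the same (ACL, seq#) key and skips the malformed line.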

Enabling ACL logging on the switch

1. If you are using a syslog server, use the logging <ip-addr> command to configure the syslog server IP addresses; ensure that the switch can access any syslog servers you specify.
2. Use logging facility syslog to enable logging for syslog operation.
3. Use the debug destination command to configure one or more log destinations. Destination options include logging and session. For more information on debug, see "Debug and Syslog Messaging Operation" in the Appendix, "Troubleshooting", in the latest HP Switch Software Management and Configuration Guide for your switch.
4. Use debug acl or debug all to configure the debug operation to include ACL messages.
5. Configure an ACL with the deny action and the log option in one or more ACEs.
For example, suppose you want to do the following:
- On port 10, configure an extended ACL with an ACL-ID of 143 to deny Telnet traffic from IP address 10.38.100.127 (see "Example of an ACL log application" (page 106)).
- Configure the switch to send an ACL log message to the console and to a Syslog server at IP address 10.38.110.54 on port 11 if the switch detects a match denying Telnet access from 10.38.100.127 (see "Commands for applying an ACL with logging" (page 107)).

Figure 20 Example of an ACL log application
106 Updates for the HP Switch Software IPv6 Configuration Guide
