Configuring IPv4 ACL Logging
To configure the IPv4 ACL logging process, you first create the access list, then enable filtering of IPv4 traffic on an interface using the specified ACL, and finally configure the ACL logging process parameters.
For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide.
Configuring Logging Level to Match Entries in ACL Log
Configuring Logging Level to Match Entries in ACL Log
POST http://<mgmt0_IP>/api/mo/sys.json
{
"acllogInst": {
"children": [
{
"acllogLogCache": {
"attributes": {
"matchLevel": "6"
}}}]}}
{
imdata:[]
}
<System>
<acllog-items>
<inst-items>
<log-items>
<matchLevel>6</matchLevel>
</log-items>
</inst-items>
</acllog-items>
</System>
Specifies the minimum severity level to log ACL matches. The default is 6 (informational). The range is from 0 (emergency) to 7 (debugging).
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload or the YANG tab to view the XML payload.
acllog match-log-level 6
Note: The property information for this example was added in Release 9.3(3).
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| acllogInst | sys/acllog/inst |
| acllogLogCache | sys/acllog/inst/log |
acllogLogCache Properties
The following table contains information about the acllogLogCache properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| matchLevel | scalar:UByte | Acllog logging level severity | RANGE: [0 , 7] DEFAULT: 6 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring the Max Number of Log Entries Cached in Software
Configuring the Max Number of Log Entries Cached in Software
POST http://<mgmt0_IP>/api/mo/sys/acllog/inst.json
{
"acllogInst": {
"children": [
{
"acllogLogCache": {
"attributes": {
"entries": "693159"
}}}]}}
{
imdata:[]
}
<System>
<acllog-items>
<inst-items>
<log-items>
<entries>693159</entries>
</log-items>
</inst-items>
</acllog-items>
</System>
Note: This example was added in Release 9.3(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
logging ip access-list cache entries 693159
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| acllogInst | sys/acllog/inst |
| acllogLogCache | sys/acllog/inst/log |
acllogLogCache Properties
The following table contains information about the acllogLogCache properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| entries | scalar:Uint32 | Maximum number of flows to be monitored by logging process | RANGE: [0 , 1048576] DEFAULT: 8000 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting the Max Number of Log Entries Cahed in Software
Deleting the Max Number of Log Entries Cahed in Software
POST http://<mgmt0_IP>/api/mo/sys/acllog/inst.json
{
"acllogInst": {
"children": [
{
"acllogLogCache": {
"attributes": {
"entries": "8000"
}}}]}}
{
imdata:[]
}
<System>
<acllog-items>
<inst-items>
<log-items>
<entries>8000</entries>
</log-items>
</inst-items>
</acllog-items>
</System>
Note: This example was added in Release 9.3(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no logging ip access-list cache entries 693159
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| acllogInst | sys/acllog/inst |
| acllogLogCache | sys/acllog/inst/log |
acllogLogCache Properties
The following table contains information about the acllogLogCache properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| entries | scalar:Uint32 | Maximum number of flows to be monitored by logging process | RANGE: [0 , 1048576] DEFAULT: 8000 |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Source Group Tag Info in Syslogs
Configuring Source Group Tag Info in Syslogs
POST http://<mgmt0_IP>/api/mo/sys/acllog/inst.json
{
"acllogInst": {
"children": [
{
"acllogLogCache": {
"attributes": {
"includeSgt": "yes"
}}}]}}
{
imdata:[]
}
<System>
<acllog-items>
<inst-items>
<log-items>
<includeSgt>true</includeSgt>
</log-items>
</inst-items>
</acllog-items>
</System>
Note: This example was added in Release 9.3(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
logging ip access-list include sgt
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| acllogInst | sys/acllog/inst |
| acllogLogCache | sys/acllog/inst/log |
acllogLogCache Properties
The following table contains information about the acllogLogCache properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| includeSgt | scalar:Bool | Include source group tag info in syslogs | SELECTION: true or false |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting Source Group Tag Info in Syslogs
Deleting Source Group Tag Info in Syslogs
POST http://<mgmt0_IP>/api/mo/sys/acllog/inst.json
{
"acllogInst": {
"children": [
{
"acllogLogCache": {
"attributes": {
"includeSgt": "no"
}}}]}}
{
imdata:[]
}
<System>
<acllog-items>
<inst-items>
<log-items>
<includeSgt>false</includeSgt>
</log-items>
</inst-items>
</acllog-items>
</System>
Note: This example was added in Release 9.3(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no logging ip access-list include sgt
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| acllogInst | sys/acllog/inst |
| acllogLogCache | sys/acllog/inst/log |
acllogLogCache Properties
The following table contains information about the acllogLogCache properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| includeSgt | scalar:Bool | Include source group tag info in syslogs | SELECTION: true or false |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Detailed ACL Information
Configuring Detailed ACL Information
POST http://<mgmt0_IP>/api/mo/sys/acllog/inst.json
{
"acllogInst": {
"children": [
{
"acllogLogCache": {
"attributes": {
"detailed": "yes"
}}}]}}
{
imdata:[]
}
<System>
<acllog-items>
<inst-items>
<log-items>
<detailed>true</detailed>
</log-items>
</inst-items>
</acllog-items>
</System>
Note: This example was added in Release 9.3(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
logging ip access-list detailed
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| acllogInst | sys/acllog/inst |
| acllogLogCache | sys/acllog/inst/log |
acllogLogCache Properties
The following table contains information about the acllogLogCache properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| detailed | scalar:Bool | Include detailed ACL information | SELECTION: true or false |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting Detailed ACL Information
Deleting Detailed ACL Information
POST http://<mgmt0_IP>/api/mo/sys/acllog/inst.json
{
"acllogInst": {
"children": [
{
"acllogLogCache": {
"attributes": {
"detailed": "no"
}}}]}}
{
imdata:[]
}
<System>
<acllog-items>
<inst-items>
<log-items>
<detailed>false</detailed>
</log-items>
</inst-items>
</acllog-items>
</System>
Note: This example was added in Release 9.3(3).
CLI Commands
The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.
no logging ip access-list detailed
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
| MO | DN |
|---|---|
| acllogInst | sys/acllog/inst |
| acllogLogCache | sys/acllog/inst/log |
acllogLogCache Properties
The following table contains information about the acllogLogCache properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
| Property Name | Data Type | Description | Values |
|---|---|---|---|
| detailed | scalar:Bool | Include detailed ACL information | SELECTION: true or false |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: