Re: Named Access-List option "log-update"

From: Basil Dolmatov (dol@east.ru)
Date: Mon Oct 16 2000 - 15:06:44 EDT


I can guess... ;)

Logged ACL hits are buffered and flushed after a default time
interval (I guess 30 secs) or on buffer overflow.
You can tune the behaviour in the necessary direction, either to add
reactivity or to make it more sleepy and lazy in logging...

Another version: ACLs can be logged after a specific number of hits on a given rule,
i.e. effectively block random ACL hits and leave only massive attacks
being logged.

Both things would be attempts to combine the possibility of avoiding
the router being brought to its knees by an attacker with leaving the
means to log the source and method of attack.

Just my 0.02

--------------------------------------------------------
Basil (Vasily) Dolmatov CCIE #5347, CCNP-Security, CCDA

On Mon, 16 Oct 2000, Kevin Gannon wrote:

> I was configuring some named access-lists and found the following:
>
> ip access-list log-update threshold
>
> I have checked the web site and the command references and
> can't find any reference. Has anyone used it or got a clue what it
> can be used for? It seems useful.
>
> Regards,
> Kevin