Configuring Logging of AACL Flows
You can configure logging of AACL flows for
a given application or for all unknown applications using AACL rules.
You must set match-direction to input or input-output for logging to occur.
Example—Configuration of Logging of Input Flows for Unknown Applications
[edit services aacl rule aacl_rule5]
match-direction input-output;
term t0 {
from {
application-unknown;
}
then {
count application;
log input-flow;
accept;
}
}
Example—Setup of a Specific Log File
The following example shows how to direct the aacl flow log to a file other than the default syslog file on the Routing Engine file system.
[edit system syslog]
file aacl_log {
external any;
match aacl-flow-log;
}