10-116
IPv4 Access Control Lists (ACLs)
Enable ACL “Deny” Logging
Configuring the Logging Timer
By default, the wait period for logging “deny” matches (described above in 
“ACL Logging Operation”) is approximately five minutes (300 seconds). You 
can manually set the wait period timer to an interval between 30 and 300 
seconds, using the access-list command from the config context. This setting 
is stored in the switch configuration.
Syntax: access-list logtimer <default | <30-300>>
From config context: This command sets the wait period timer 
for logging “deny” messages to the SYSLOG server or other 
destination device(s). The first time a packet matches an ACE 
with deny and log configured, the message is sent immediately 
to the destination and the switch starts a wait period of 
approximately five minutes (default value). (The exact dura-
tion of the period depends on how the packets are internally 
routed.) At the end of the wait period, the switch sends a single-
line summary of any additional “deny” matches for that ACE 
(and any other “deny” ACEs for which the switch detected a 
match). If no further log messages are generated in the wait 
period, the switch suspends the timer and resets itself to send 
a message as soon as a new “deny” match occurs.
• default — sets the wait period timer to 300 seconds.
• <30-300> — sets the wait period timer to the specified number 
of seconds.