| Exam 400-101 | Question id=993 | Infrastructure Security |
What extra information does the log-input keyword provide in an ACL log that the logkeyword does not?
| A. |
destination IP address | |
| B. |
source IP address | |
| C. |
destination MAC address | |
| D. |
source MAC address | |
| E. |
ingress interface | |
| F. |
egress interface |
The log-input keyword provides source Media Access Control (MAC) address and ingress interface information in an access control list (ACL) log? the log keyword does not provide that information. Apart from this information, the log-input keyword logs everything that the log keyword logs, including the source and destination IP address and port numbers.
Neither the log keyword nor the log-input keyword provides the destination MAC address or egress interface information. Both the log keyword and the log-input keyword provide the message identifier, the ACL name or number, whether the packet was permitted or denied, the protocol, the source IP address and port, the destination IP address and port, and the number of similar packets logged during the log update threshold. By default, the log update threshold is five minutes. If multiple matching packets are received during the log update threshold, only one instance is reported every five minutes? additional instances will increment a packet counter and will be reported when the log update threshold expires.
The following sample output is generated by an ACL with the log keyword:
*Mar 16 17:02:24.519: %SEC6IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) > 192.168.17.6(6543), 1 packet
The following sample output is generated by an ACL with the log-input keyword? note the addition of the source MAC address and ingress interface:
*Mar 16 17:02:24.519: %SEC6IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) (FastEthernet0/1 0000.0c12.3456) > 192.168.17.6 (6543), 1 packet
You can uniquely identify a particular ACL log message by enabling ACL hash generation. When you enable hash generation by issuing the ip access-list logging hashgeneration command, an MD5 hash is appended to each ACL log entry.
The following sample output is generated by an ACL when the ip access-list logging hash-generation command has been issued on the router:
*Mar 16 17:02:24.519: %SEC6IPACCESSLOGP: list 101 permitted tcp 10.1.14.3(1234) (FastEthernet0/1 0000.0c12.3456) > 192.168.17.6 (6543), 1 packet Hash code is 0xCE87F535