Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 20 Configuring Logging for Access Lists
Managing Deny Flows
Default Settings
Table 20-1 lists the default settings for managing deny flows.

Table 20-3 Default Parameters for Managing Deny Flows

Parameters   Default
numbers      The numbers argument specifies the maximum number of deny flows. The default is 4096.
secs         The secs argument specifies the time, in seconds, between syslog messages. The default is 300.

Managing Deny Flows
To configure the maximum number of deny flows and to set the interval between deny flow alert
messages (106100), enter the following command:

Command                            Purpose
access-list deny-flow-max number   Sets the maximum number of deny flows. The numbers argument specifies the maximum number, which can be between 1 and 4096. The default is 4096.
  Example:
  hostname(config)# access-list deny-flow-max 3000

To set the amount of time between syslog messages (number 106101), which identifies that the
maximum number of deny flows was reached, enter the following command:

Command                            Purpose
access-list alert-interval secs    Sets the time, in seconds, between syslog messages. The secs argument specifies the time interval between each deny flow maximum message. Valid values are from 1 to 3600 seconds. The default is 300 seconds.
  Example:
  hostname(config)# access-list alert-interval 200

Monitoring Deny Flows
To monitor access lists, enter one of the following commands:

Command                           Purpose
show access-list                  Displays access list entries by number.
show running-config access-list   Displays the current running access list configuration.
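
The following is an added example, not part of the Cisco guide: a small Python check that reads saved access list configuration text and reports the effective deny-flow-max and alert-interval values against the ranges and defaults given above. The function name, the sample text, and the assumption that a command missing from the text means the default is in force are all illustrative.

```python
import re

# Defaults and valid ranges as stated in this section of the guide.
SETTINGS = {
    "deny-flow-max": {"default": 4096, "min": 1, "max": 4096},
    "alert-interval": {"default": 300, "min": 1, "max": 3600},
}
LINE_RE = re.compile(r"^\s*access-list\s+(deny-flow-max|alert-interval)\s+(\S+)\s*$")


def audit_deny_flow_settings(config_text):
    """Return (effective, findings) for the two deny-flow commands.

    effective maps each keyword to the value in force; findings lists
    problems found (out-of-range, non-numeric, or repeated lines).
    Assumption: a keyword missing from the text means the default applies.
    """
    effective = {k: v["default"] for k, v in SETTINGS.items()}
    seen, findings = set(), []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # ordinary access list entries and other lines are ignored
        key, raw = m.groups()
        spec = SETTINGS[key]
        if key in seen:
            findings.append(f"line {lineno}: {key} set more than once; last valid value wins")
        seen.add(key)
        if not raw.isdecimal():
            findings.append(f"line {lineno}: {key} value {raw!r} is not a number")
            continue
        value = int(raw)
        if not spec["min"] <= value <= spec["max"]:
            findings.append(f"line {lineno}: {key} {value} outside {spec['min']}-{spec['max']}")
            continue  # rejected value: the previous or default value stays in force
        effective[key] = value
    return effective, findings


# Constructed sample, not output from a real device.
SAMPLE = """\
access-list outside_in extended deny ip any any log
access-list deny-flow-max 3000
access-list alert-interval 7200
"""

if __name__ == "__main__":
    print(audit_deny_flow_settings(SAMPLE))
```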