The ACL Syslog Correlation feature appends a tag (either a user-defined cookie or a device-generated MD5 hash value) to access
control entry (ACE) syslog entries. This tag uniquely identifies an ACE that generated the syslog entry.
Network management software can use the tag to identify which ACE generated a specific syslog event. For example, network
administrators can select an ACE rule in the network management application and can then view the corresponding syslog events
for that ACE rule.
To append a tag to the syslog message, the ACE that generates the syslog event must have the log option enabled. The system
appends only one type of tag (either a user-defined cookie or a device-generated MD5 hash value) to each message.
To specify a user-defined cookie tag, the user must enter the cookie value when configuring the ACE log option. The cookie
must be in alpha-numeric form, it cannot be greater than 64 characters, and it cannot start with hex-decimal notation (such
To specify a device-generated MD5 hash value tag, the hash-generation mechanism must be enabled on the device and the user
must not enter a cookie value while configuring the ACE log option.