policy implicit-acl-logging—Log the headers of all packets that are dropped because they do not match a service configured with an allow-service command (on vEdge routers only). You can use these logs for security purposes, for example, to monitor the flows that are being directed to a WAN interface and to determine, in the case of a DDoS attack, which IP addresses to block.
When you enable implicit ACL logging, by default, all dropped packets are logged. It is recommended that you limit the number of packets logged, by including the log-frequency command in the configuration. The default is to log every 512th packet.
vManage Feature Template
For vEdge routers:
Configuration ► Policies ► Localized Policy ► Add Policy ► Policy Overview ► Implicit ACL Logging field
Log implicitly configured packets, logging every 512th packet:
vEdge# show running-config policy
policy
 log-frequency 1000
 implicit-acl-logging
 ...
!
Command introduced in Viptela Software Release 16.3.
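The following is an added example, not part of the Viptela documentation, showing how sampled implicit-ACL drop logs can be turned into a ranked list of source addresses to consider blocking. The key=value log layout, the sample lines, and the function names are assumptions made for this example; adapt the parser to the records your vEdge routers actually emit.

```python
import ipaddress
import re
from collections import Counter

# Assumption: with "every 512th packet" logged, one log record stands for
# roughly 512 dropped packets. The result is an estimate, not an exact count.
LOG_FREQUENCY = 512

# Constructed sample lines (documentation address ranges). The key=value
# layout is hypothetical, not the vEdge log format.
SAMPLE_LOG = """\
drop if=ge0/0 src=198.51.100.7 dst=192.0.2.1 proto=17 dport=53
drop if=ge0/0 src=203.0.113.9 dst=192.0.2.1 proto=6 dport=22
drop if=ge0/0 src=198.51.100.7 dst=192.0.2.1 proto=17 dport=53
drop if=ge0/0 src=198.51.100.23 dst=192.0.2.1 proto=6 dport=443
drop if=ge0/0 src=999.1.1.1 dst=192.0.2.1 proto=6 dport=22
link up on ge0/0
drop if=ge0/0 src=203.0.113.9 dst=192.0.2.1 proto=6 dport=22
drop if=ge0/0 src=198.51.100.7 dst=192.0.2.1 proto=17 dport=123
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"src", "dst", "proto", "dport"}

def parse_source(line):
    """Return the validated source IP of a drop record, or None."""
    fields = dict(FIELD_RE.findall(line))
    if not REQUIRED.issubset(fields):
        return None          # not a drop record
    try:
        return str(ipaddress.ip_address(fields["src"]))
    except ValueError:
        return None          # malformed address, ignore the record

def estimate_drops(log_text, log_frequency=LOG_FREQUENCY):
    """Estimated dropped packets per source, scaled by the sampling rate."""
    sampled = Counter()
    for line in log_text.splitlines():
        src = parse_source(line)
        if src:
            sampled[src] += 1
    return {ip: n * log_frequency for ip, n in sampled.items()}

def block_candidates(log_text, min_estimated, log_frequency=LOG_FREQUENCY):
    """Sources whose estimated drops reach min_estimated, highest first."""
    est = estimate_drops(log_text, log_frequency)
    hits = [(ip, n) for ip, n in est.items() if n >= min_estimated]
    return sorted(hits, key=lambda t: (-t[1], t[0]))

if __name__ == "__main__":
    for ip, n in block_candidates(SAMPLE_LOG, min_estimated=1024):
        print(f"{ip}\t~{n} dropped packets")
```

Because only sampled packets are logged, a source that sent fewer dropped packets than the logging interval may not appear in the logs at all.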