ACL Event Logging
I would like to raise a question: why is there currently no built-in functionality in network devices for logging events related to ACL (Access Control List) operations? In my opinion, logging such information should be considered one of the most essential features – both from a security perspective and for diagnostic purposes.
I kindly request that you consider implementing such a solution.
I understand that a common concern might be the rapid exhaustion of disk resources due to the potentially high volume of ACL logs. However, there are reasonable and practical ways to address this issue:
- The logs don’t need to be stored in the controller's internal memory. Instead, they could be redirected to:
  - an external storage device (e.g., USB drive),
  - a remote network resource (e.g., a Syslog server),
  - or even a secondary, dedicated controller designed specifically to handle and analyze such logs.
- This kind of approach would enable secure and controlled logging and analysis of ACL events, while also offering new opportunities for monitoring and faster incident response.
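As an added illustration (not part of the request above and not any vendor's code), the following Python sketch shows one way to keep the volume concern in check before ACL events ever reach a remote Syslog server: identical hits within a 60-second window are collapsed into a single record carrying a hit count, then rendered as RFC 5424 messages. The event fields and sample values are constructed; the enterprise number 32473 is the documentation example reserved by IANA.

```python
import socket
from datetime import datetime, timezone

# Constructed sample ACL events; the field layout is an assumption, not a real device's output.
SAMPLE_EVENTS = [
    {"ts": 1700000000, "rule": "deny-telnet", "action": "deny", "src": "10.0.0.5", "dst": "10.0.1.9", "port": 23},
    {"ts": 1700000001, "rule": "deny-telnet", "action": "deny", "src": "10.0.0.5", "dst": "10.0.1.9", "port": 23},
    {"ts": 1700000002, "rule": "deny-telnet", "action": "deny", "src": "10.0.0.5", "dst": "10.0.1.9", "port": 23},
    {"ts": 1700000003, "rule": "permit-https", "action": "permit", "src": "10.0.0.7", "dst": "10.0.1.9", "port": 443},
    {"ts": 1700000070, "rule": "deny-telnet", "action": "deny", "src": "10.0.0.5", "dst": "10.0.1.9", "port": 23},
]

def aggregate(events, window=60):
    """Collapse identical ACL hits inside one time window into a record with a hit count.
    This bounds log volume without losing which rule fired, for whom, and how often."""
    buckets = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["rule"], e["action"], e["src"], e["dst"], e["port"], e["ts"] // window)
        if key in buckets:
            buckets[key]["hits"] += 1
            buckets[key]["last"] = e["ts"]
        else:
            buckets[key] = dict(e, first=e["ts"], last=e["ts"], hits=1)
    return list(buckets.values())

def to_syslog(rec, hostname="controller-1", app="acl"):
    """Render an aggregated record as an RFC 5424 message.
    Facility 4 (auth); denies are severity 4 (warning), permits severity 6 (informational)."""
    severity = 4 if rec["action"] == "deny" else 6
    pri = 4 * 8 + severity
    ts = datetime.fromtimestamp(rec["first"], tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # 32473 is the IANA example enterprise number used for documentation.
    sd = (f'[acl@32473 rule="{rec["rule"]}" action="{rec["action"]}" src="{rec["src"]}" '
          f'dst="{rec["dst"]}" port="{rec["port"]}" hits="{rec["hits"]}"]')
    return f"<{pri}>1 {ts} {hostname} {app} - ACL {sd} ACL {rec['action']} x{rec['hits']}"

def forward(records, server=("127.0.0.1", 514)):
    """Ship each rendered message to a remote Syslog collector over UDP and return what was sent."""
    msgs = [to_syslog(r) for r in records]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for m in msgs:
            s.sendto(m.encode(), server)
    return msgs

if __name__ == "__main__":
    for line in forward(aggregate(SAMPLE_EVENTS)):
        print(line)
```

Five raw events become three messages; the three Telnet denies in the first minute are reported once with `hits="3"`, so the collector still sees the pattern while the controller writes nothing locally.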