Cisco Cisco Security Manager 4.11 Guía Del Usuario
Cisco Security Manager 4.11 API Specification (Version 2.3)
Page 62
permit
boolean
Indicates the action to be taken when a match is found
Table 28: StandardACEPolicyObject Class Definition
Figure 34: StandardACEPolicyObject XML Schema
3.1.4.9 Extended ACE Policy Object
An ExtendedACEPolicyObject extends from the BasePolicyObject class and inherits all its attributes. An
ExtendedACEPolicyObject defines an extended access control entry. Policy definitions reference the
ExtendedACEPolicyObject via the gid value.
ExtendedACEPolicyObject defines an extended access control entry. Policy definitions reference the
ExtendedACEPolicyObject via the gid value.
Element.Sub Element
Type
Comment
sourceGID
ObjectIdentifier
The source of the traffic.
destinationGID
ObjectIdentifier
Traffic destination.
serviceGID
ObjectIdentifier
The service that defines the type of traffice to act upon
doLogging
String
Contains value “true” if logging is enabled for PIX, ASA, FWSM
devices or “false” otherwise. If logInterval and logLevel elements are
not specified then it means “Default Logging” is enabled.
devices or “false” otherwise. If logInterval and logLevel elements are
not specified then it means “Default Logging” is enabled.
logInterval
String
Specifies the Logging Interval in seconds, if this is specified it means,
“per ACE Logging is Enabled”
“per ACE Logging is Enabled”
logLevel
String
Specifies the Logging Level – one of “Emergency”, “Alert”,
“Critical”, “Error”, “Warning”, “Notification”, “Informational” or
“Debugging. Iif this is specified it means, “per ACE Logging is
Enabled”
“Critical”, “Error”, “Warning”, “Notification”, “Informational” or
“Debugging. Iif this is specified it means, “per ACE Logging is
Enabled”
logOption
String
Used to specify IOS logging. Contains “log” if IOS logging is
enabled. Contains “log-input” if IOS Logging is enabled and Log
Input is also enabled for IOS devices.
enabled. Contains “log-input” if IOS Logging is enabled and Log
Input is also enabled for IOS devices.
permit
boolean
True if this is a permit ACE, false for deny.
Table 29: ExtendedACEPolicyObject Class Definition
<
xs:complexType
name
="StandardACEPolicyObject">
<xs:complexContent>
<
xs:extension
base
="BasePolicyObject">
<
xs:sequence
minOccurs="1" maxOccurs="1">
<
xs:element
name
="networkGID"
type
="ObjectIdentifier"
minOccurs
="1"
maxOccurs
="1"/>
<
xs:element
name
="doLogging"
type
="xs:boolean"
minOccurs
="1"
maxOccurs
="1"/>
<
xs:element
name
="permit"
type
="xs:boolean"
minOccurs
="1"
maxOccurs
="1"/>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>