I poked around cisco's web page, but was too dim to work out
how the logging worked, in detail.
Am I correct in understanding that the logging mechanism logs
a text messages with source/dest IP, and dest port, when a packet is
dropped by an ACL line with a 'log' option?
In particular, a) you can't log packets that were permitted
b) you can't log anything more than source+dest address, and dest port.
Something our customers like to do is session auditing, log
TCP setup/teardown packets, so I am professionally interested in
whether our competition can do it. (<-- statement of purpose).