This feature allows the logging of the packets matching permit rules in ingress ACLs. This behavior can be enabled by using the log keyword when configuring an ACL permit rule. A copy of the packet matching those ACL rules is sent to the control plane, where a syslog entry of the packet header is being generated.