> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How to Enable or Disable Monitoring Mode for Tenant Access Control List Rules

> Audit how a rule would affect incoming traffic without changing the Tenant ACL's current behavior by enabling monitoring mode.

When a rule is in monitoring mode, Tenant ACL [evaluates that rule](./rule-evaluation) and emits a [tenant log event](./tenant-log-event-reference), but does not execute the rule's action and does not terminate evaluation of subsequent rules and lists.

To enable monitoring mode, configure the rule's action property `log` to `true`:

<Tabs>
  <Tab title="Management API">
    Call the Management API [Partial update for an access control list endpoint](/docs/api/management/v2/network-acls/patch-network-acls-by-id) with the following body:

    ```json Management API request body highlight={4} theme={null}
    {
      "rule": {
        "action": {
          "log": true
        },
        "scope": "authentication"
      }
    }
    ```
  </Tab>

  <Tab title="Go SDK">
    ```go highlight={20} theme={null}
    package main

    import (
    	"context"
    	"log"

    	"github.com/auth0/go-auth0"
    	"github.com/auth0/go-auth0/management"
    )

    func main() {
    	mgmt, err := management.New("{yourDomain}", management.WithClientCredentials("{yourClientId}", "{yourClientSecret}"))
    	if err != nil {
    		log.Fatal(err)
    	}

    	networkACL := &management.NetworkACL{
    		Rule: &management.NetworkACLRule{
    			Action: &management.NetworkACLRuleAction{
    				Log: auth0.Bool(true),
    			},
    			Scope: auth0.String("authentication"),
    		},
    	}

    	err = mgmt.NetworkACL.Patch(context.Background(), "{yourTenantAclRuleId}", networkACL)
    	if err != nil {
    		log.Fatal(err)
    	}
    	log.Println("Network ACL has been updated to enable monitoring mode")
    ```
  </Tab>

  <Tab title="Node SDK">
    ```javascript highlight={4} theme={null}
    const updateNetworkAclPayload: Management.UpdateNetworkAclRequestContent = {
      rule: {
        action: {
          log: true,
        },
        scope: "authentication"
      }
    };

    const updateNetworkAcl = await client.networkAcls.update("{yourTenantAclRuleId}", updateNetworkAclPayload);
    ```
  </Tab>

  <Tab title="Terraform">
    In the resource block, under [`rule.action`](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/network_acl#nested-schema-for-ruleaction), set `log` to `true`:

    ```terraform highlight={7} theme={null}
    resource "auth0_network_acl" "example_acl" {
        description = "Example ACL"
        active = true
        priority = 1
        rule {
            action {
                block = true
                log = true
            }
            scope = "authentication"
            match {
              hostnames = ["example.com"]
            }
        }
    }
    ```
  </Tab>

  <Tab title="Deploy CLI">
    ```yaml highlight={8} theme={null}
    exampleACLs:
      - description: Example ACL
        active: true
        priority: 1
        rule:
          action:
            block: true
            log: true
          match:
            hostnames:
              - "example.com"
          scope: authentication
    ```
  </Tab>

  <Tab title="Auth0 CLI">
    ```bash theme={null}
    auth0 network-acl update {yourTenantAclRuleId} --action log
    ```
  </Tab>
</Tabs>

You can disable monitoring mode by similarly setting the the `log` property to `false`.