Overloading log on 3750

Answered Question
Oct 6th, 2007

Hi all, just for personal knowledge how would you overload a log on a switch? I was thinking creating an ACL allowing ICMP and logging it. Then ping bombing the switch. When I labbed this up, the log showed the total # of pings hit on the ACL in one log line:

%SEC-6-IPACCESSLOGDP: list PING permitted icmp -> (0/0), 200 packets

How would I make the log show a line per ping received? Thanks.

I have this problem too.
0 votes
Correct Answer by Edison Ortiz about 9 years 3 months ago

Can't be done with logging buffered. You need to rely on debug.


access-list 101 permit icmp any any

debug ip packet 101

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Edison Ortiz Sun, 10/07/2007 - 12:27

When the logging process is on, the messages are displayed on the console after the process that generated them has finished.

When the logging process is disabled, messages are sent only to the console. The messages are sent as they are generated, so error and debug output will be interspersed with prompts or output from the command.

System message logging is enabled by default. It must be enabled in order to send messages to any destination other than the console.

To disable message logging, use the no logging on command. Note that disabling the logging process can slow down the router because a process cannot continue until the messages are written to the console.



joshcarlson Sun, 10/07/2007 - 13:08

Thanks for the response!

Our standard logging config is:

service timestamps log datetime localtime

logging buffered informational

logging monitor informational

& of course, we are sending all traps etc... to a syslog server.

When running an ACL similar to:

ip access-list extended PING

permit icmp host host log

permit ip any any

Is it possible to make each individual ping show up as a line in the log?


Edison Ortiz Sun, 10/07/2007 - 14:15

I believe I addressed this on my previous response. You need to disable logging.

Please read my post again.

joshcarlson Sun, 10/07/2007 - 14:18

Alright, I must be missing something. I turned logging off, and now nothing shows up in the log...

Edison Ortiz Sun, 10/07/2007 - 15:34

Are you connected via the console port ?

If you are telnet into the router via a vty port, you need to execute terminal monitor to see the messages .

You won't see these messages in the buffer. The buffer is the content you see after typing show logging at the router's CLI.

Logging Buffering is disabled when you executed no logging (see my previous message) and Logging Console is the only service enabled.

Be careful on doing this, you may create a DoS on this router if a large amount of messages are generated. That's the reason messages aren't sent until the process that has generated has finished (see my previous post).

joshcarlson Mon, 10/08/2007 - 04:38

Oh ok, my bad man! What I want to do is overload the log buffer. I don't care about the log going to the console. When I issue "show log" I want each ping to have an individual line in the log buffer.

Correct Answer
Edison Ortiz Mon, 10/08/2007 - 13:32

Can't be done with logging buffered. You need to rely on debug.


access-list 101 permit icmp any any

debug ip packet 101

joshcarlson Mon, 10/08/2007 - 13:34

Oh well, thanks for the help. I'm familiar with how to do such things for real-time monitoring, but I was wanting to overload the saved log buffer. Thanks!


This Discussion