Why 4507 logging rate-limited?

Unanswered Question
Mar 13th, 2008

We are not running any QoS policing on our 4507R's. However, we have recently noticed syslog messages being rate-limited, as below:


Syslog logging: enabled (0 messages dropped, 43 messages rate-limited, 0 flushes

, 0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 4756 messages logged, xml disabled,

filtering disabled

Monitor logging: level debugging, 21 messages logged, xml disabled,

filtering disabled

Buffer logging: level debugging, 4798 messages logged, xml disabled,

filtering disabled

Exception Logging: size (8192 bytes)

Count and timestamp logging messages: disabled


So my question is what mechanism is causing those 43 messages to be rate-limited? I'm having a hard time finding relevant documentation.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
gkuzmowycz Thu, 03/13/2008 - 13:12

Thanks for the reply, Edison.


However, we have no rate-limiting set on logging, and the doc you pointed me to says the default is for no limiting. So I'm still wondering why the "sh logg" output I posted in my first message says 43 messages to syslog were rate-limited.


Edison Ortiz Thu, 03/13/2008 - 13:54

Correct. However, there are things sent to the console and/or buffer that are rate-limited independent of the rate-limit setting I described on the previous command.


ACLs for instance have a setting to limit the amount of messages that are sent to the logging service for processing. Perhaps those 43 messages were ACLs with a log option. I don't recommend changing the default setting on the ACL threshold but if you want to, take a read to this document:

http://www.cisco.com/en/US/docs/ios/12_4t/secure/configuration/guide/tsaclovw.html#wp1057179


HTH,


__


Edison.

gkuzmowycz Thu, 03/13/2008 - 14:53

Thanks. We've been testing ACL logging, so those may very well be the culprit.

Actions

This Discussion