cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1140
Views
0
Helpful
5
Replies

Massive logs

slandeira
Level 1
Level 1

We have a problem with a massive shipment of logs from the Admin context of our ACE to our syslog server ( 172.30.48.6). Traffic is such that the switch where the syslog is saturated. We send the message type, basically 2, which are being sent. Why are these shipping? It implies that the ACE or this context they have a problem.

Feb  2 2010 19:28:07 : %ACE-6-302027: Teardown ICMP connection for faddr 172.30.
48.6/0 gaddr 10.98.154.47/3 laddr 10.98.154.47/0
Feb  2 2010 19:28:07 : %ACE-6-302026: Built ICMP connection for faddr 172.30.48.
6/57483 gaddr 10.98.154.47/224 laddr 10.98.154.47/771
Feb  2 2010 19:28:07 : %ACE-6-302027: Teardown ICMP connection for faddr 172.30.
48.6/0 gaddr 10.98.154.47/3 laddr 10.98.154.47/0
Feb  2 2010 19:28:07 : %ACE-6-302026: Built ICMP connection for faddr 172.30.48.
6/37394 gaddr 10.98.154.47/146 laddr 10.98.154.47/771
Feb  2 2010 19:28:07 : %ACE-6-302027: Teardown ICMP connection for faddr 172.30.
48.6/0 gaddr 10.98.154.47/3 laddr 10.98.154.47/0
Feb  2 2010 19:28:07 : %ACE-6-302026: Built ICMP connection for faddr 172.30.48.
6/57483 gaddr 10.98.154.47/224 laddr 10.98.154.47/771
Feb  2 2010 19:28:07 : %ACE-6-302027: Teardown ICMP connection for faddr 172.30.
48.6/0 gaddr 10.98.154.47/3 laddr 10.98.154.47/0

5 Replies 5

Sean Merrow
Level 4
Level 4

Hello,

It sounds like you might be hitting the following bug.  This one logged for the ACE 4710 and there is a similar one logged for the ACE Module:

CSCsx82538  -  Unreachable logging host causes the Syslogd process to spike (ACE 4710)

This bug is expected to be fixed in the ACE 4710 A3(2.5) release which is due out very soon.  If you are using the ACE module, you can get the fix in the currently available A2(2.3) software release.

The problem is seen when you configure a syslog server on the ACE that isn't yet listening for syslog.  This reason behind this problem is:

When you configure a logging host and if that host/port is not reachable then we will get a port unreachable error message from the host.
For this error message we will be generating two messages from ICM

1. Built ICMP connection.
2. Teardown ICMP connection.

    We will send above two messages to the host through syslogd. As a result, we will get another two port unreachable error messages from the host. For these messages we will be sending another four syslog messages again. This loop is causing the syslogd to spike.

Hope this helps,

Sean

I have an ACE module, this bug can affect too?


Cisco Application Control Software (ACSW)
----

Software
  loader:    Version 12.2[120]
  system:    Version A2(2.0) [build 3.0(0)A2(2.0)]
  system image file: [LCP] disk0:c6ace-t1k9-mz.A2_2_0.bin
  installed license: ACE-16G-LIC ACE-VIRT-020 ACE-SEC-LIC-K9 ACE-SSL-15K-K9

Hardware
  Cisco ACE (slot: 9)
  cpu info:
    number of cpu(s): 2
    cpu type: SiByte
    cpu: 0, model: SiByte SB1 V0.2, speed: 700 MHz
    cpu: 1, model: SiByte SB1 V0.2, speed: 700 MHz
  memory info:
    total: 955988 kB, free: 221312 kB
    shared: 0 kB, buffers: 4204 kB, cached 0 kB
  cf info:
    filesystem: /dev/cf
    total: 1014624 kB, used: 448480 kB, available: 566144 kB

last boot reason:  NP 2 Failed : NP ME Hung

configuration register:  0x1
ACE_ITX_A kernel uptime is 15 days 20 hours 18 minute(s) 30 second(s)

I envisage an increase in the A2(2.3) version, this error will it continue?
Thank you very much for your help.

Hello,


As I mentioned in my original response:


If you are using the ACE module, you can get the fix in the currently available A2(2.3) software release.


This is, of course, assuming this bug is indeed your issue.  Peter offered one work-around of suppressing the log messages.  The other would be to remove the syslog server from your config that is sending back the ICMP port-unreachables until it is addressed.  The bug for the module is CSCtc54103.

Thank you,

Sean

Thank you very much you both for your help!!

Peter Koltl
Level 7
Level 7

no logging message 302026

no logging message 302027

(-:

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: