I have a 2811 router. I set up a syslog to capture attacks on ports 22, 23, and 3389. It is thousands of hits per day.
In the syslog I get:
access-list logging rate-limited or missed 12 packets
I have been changing the config settings and still get missed packets. I am upgrading the 2811 to 768MB of RAM from 256MB.
logging message-counter syslog
logging queue-limit 700
logging queue-limit trap 700
logging buffered 1000000
logging rate-limit 700 except warnings
no logging console
no logging monitor
ip access-list logging interval 70
How much higher can I take these settings to capture all the data? Any way to clear the 2811 logs once the data is sent to syslog?