access-list logging rate-limited or missed

Unanswered Question
Sep 26th, 2005

I am trying to troubleshoot something using an accesslist to monitor traffic between two devices. One device is on my local network the other is out on the internet. When I turn on logging for my ACL rule I see my traffice appear when I do a sh log. After every 4th entry I also get a logging rate-limited message like below. How do i prevent this. I do not want to miss any packets I want to log every single one of them. Is there a way to turn off rate limit?

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(28145) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(36483) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(24319) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
stschmidt Mon, 09/26/2005 - 11:03

The above message means simply that the amount of access-list logging is being

rate-limited. Note that the above is a log message generated by the IP Access Log process,

and thus neither related to nor controlled by the generic "logging rate-limit" command.

This rate-limiting of access-list logs is programmed into the IOS by default as a safety

feature, as unrestricted number of ACL logs can potentially overload the systems if the

rate of packets that need to be logged is high enough.

Actions

This Discussion