cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5701
Views
11
Helpful
2
Replies

access-list logging rate-limited or missed

Live2 Bicycle
Level 3
Level 3

I am trying to troubleshoot something using an accesslist to monitor traffic between two devices. One device is on my local network the other is out on the internet. When I turn on logging for my ACL rule I see my traffice appear when I do a sh log. After every 4th entry I also get a logging rate-limited message like below. How do i prevent this. I do not want to miss any packets I want to log every single one of them. Is there a way to turn off rate limit?

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(28145) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(36483) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(24319) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

2 Replies 2

stschmidt
Level 1
Level 1

The above message means simply that the amount of access-list logging is being

rate-limited. Note that the above is a log message generated by the IP Access Log process,

and thus neither related to nor controlled by the generic "logging rate-limit" command.

This rate-limiting of access-list logs is programmed into the IOS by default as a safety

feature, as unrestricted number of ACL logs can potentially overload the systems if the

rate of packets that need to be logged is high enough.

could the error also be a possible DOS or DDOS attack?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: