09-26-2005 06:47 AM - edited 02-20-2020 09:28 PM
I am trying to troubleshoot something using an accesslist to monitor traffic between two devices. One device is on my local network the other is out on the internet. When I turn on logging for my ACL rule I see my traffice appear when I do a sh log. After every 4th entry I also get a logging rate-limited message like below. How do i prevent this. I do not want to miss any packets I want to log every single one of them. Is there a way to turn off rate limit?
%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(28145) -> xxx.xxx.xxx.xxx(10032), 1 packet
%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(36483) -> xxx.xxx.xxx.xxx(10032), 1 packet
%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(24319) -> xxx.xxx.xxx.xxx(10032), 1 packet
%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
09-26-2005 11:03 AM
The above message means simply that the amount of access-list logging is being
rate-limited. Note that the above is a log message generated by the IP Access Log process,
and thus neither related to nor controlled by the generic "logging rate-limit" command.
This rate-limiting of access-list logs is programmed into the IOS by default as a safety
feature, as unrestricted number of ACL logs can potentially overload the systems if the
rate of packets that need to be logged is high enough.
09-05-2006 04:22 PM
could the error also be a possible DOS or DDOS attack?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: