Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

access-list logging rate-limited or missed

I am trying to troubleshoot something using an accesslist to monitor traffic between two devices. One device is on my local network the other is out on the internet. When I turn on logging for my ACL rule I see my traffice appear when I do a sh log. After every 4th entry I also get a logging rate-limited message like below. How do i prevent this. I do not want to miss any packets I want to log every single one of them. Is there a way to turn off rate limit?

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(28145) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(36483) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGP: list 100 permitted tcp xxx.xxx.xxx.xxx(24319) -> xxx.xxx.xxx.xxx(10032), 1 packet

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

%SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets

  • Other Security Subjects
2 REPLIES
Bronze

Re: access-list logging rate-limited or missed

The above message means simply that the amount of access-list logging is being

rate-limited. Note that the above is a log message generated by the IP Access Log process,

and thus neither related to nor controlled by the generic "logging rate-limit" command.

This rate-limiting of access-list logs is programmed into the IOS by default as a safety

feature, as unrestricted number of ACL logs can potentially overload the systems if the

rate of packets that need to be logged is high enough.

New Member

Re: access-list logging rate-limited or missed

could the error also be a possible DOS or DDOS attack?

3036
Views
6
Helpful
2
Replies