Hey *, I'm seeing a ton of "access-list logging rate-limited or missed 149 packets" messages in my logs. The routers in question are GSRs on our borders and we need full logs. The only thing I can find on this message is a tiny blurb that says:
Well I hate to be blunt but that's a bs way to handle this. How can I tell if the logs are rate-limited or there are no buffers? If there are no buffers available then how do I increase the number of buffers allocated for acl usage? If rate-limited, how do I increase the limit? Why is this error message so difficult to get any real information on?
I hope this doesn't sound too confrontational, but the whole message pops up once every 2 seconds and there is almost 0 written anywhere on it.
command then to set the interval at which log messages are displayed. If memory serves me correctly they're displayed on the first occurrence then at 5 minute intervals after that, but this may have changed.
Well that sounds like a method to reduce the number of messages I receive telling me about the rate-limiting, but that is just a symptom. The core problem (disease, if you will) to cure is that logging is being rate-limited and we want those logs for post-processing.
OK, I don't believe there has yet been a satisfactory answer to the question of how to override the rate-limiting of access-list logging. I am very curious if this is possible. I have increased the logging buffer, but am still missing a lot of access-list log messages.