
New Member

rate-limited acl logging

Hey *, I'm seeing a ton of "access-list logging rate-limited or missed 149 packets" messages in my logs. The routers in question are GSRs on our borders and we need full logs. The only thing I can find on this message is a tiny blurb that says:

-----------------------------------------------------

Explanation: Some packet-matching logs were missed because the access list log messages were rate limited, or no access list log buffers were available.

Recommended Action: No action is required.

-----------------------------------------------------

Well I hate to be blunt but that's a bs way to handle this. How can I tell if the logs are rate-limited or there are no buffers? If there are no buffers available then how do I increase the number of buffers allocated for acl usage? If rate-limited, how do I increase the limit? Why is this error message so difficult to get any real information on?

I hope this doesn't sound too confrontational, but the whole message pops up once every 2 seconds and there is almost 0 written anywhere on it.

5 REPLIES
Cisco Employee

Re: rate-limited acl logging

Access-list log messages are rate-limited by default so they don't overwhelm the system. You can use the command:

ip access-list log-update ?

to change these parameters. This link will help you understand what the defaults are:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipras_r/1rfip1.htm#1072819

Apologies for the lack of info re the error message.

New Member

Re: rate-limited acl logging

Thanks for the quick answer. Unfortunately I don't have that command:

jbx01c100626(config)#ip access-list ?

extended Extended Access List

logging Control access list logging

standard Standard Access List

jbx01c100626(config)#ip access-list log-update ?

% Unrecognized command

Our IOS is:

IOS (tm) GS Software (GSR-K4P-M), Version 12.0(25)S2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc2)

Is there some feature I should look for to know if an IOS has this ability?

Cisco Employee

Re: rate-limited acl logging

Use the:

ip access-list logging ?

command then to set the interval at which log messages are displayed. If memory serves me correctly they're displayed on the first occurrence then at 5 minute intervals after that, but this may have changed.

New Member

Re: rate-limited acl logging

Well that sounds like a method to reduce the number of messages I receive telling me about the rate-limiting, but that is just a symptom. The core problem (disease, if you will) to cure is that logging is being rate-limited and we want those logs for post-processing.

New Member

Re: rate-limited acl logging

OK, I don't believe there has yet been a satisfactory answer to the question of how to override the rate-limiting of access-list logging. I am very curious if this is possible. I have increased the logging buffer, but am still missing a lot of access-list log messages.
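One way to measure how much the rate-limiting discussed in this thread costs, as an added example that is not part of the original posts: sum the "rate-limited or missed N packets" counts per router and compare them with the packet counts carried by the ACL log entries that did arrive. It assumes a standard syslog prefix (timestamp, then hostname) and the IOS %SEC-6-IPACCESSLOGP / %SEC-6-IPACCESSLOGRL message layouts; the sample lines, hostnames and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (hosts, addresses and counts are made up).
SAMPLE = """\
Mar  3 12:00:01 border-a 101: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.10(4242) -> 198.51.100.5(22), 1 packet
Mar  3 12:00:03 border-a 102: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 149 packets
Mar  3 12:00:05 border-a 103: %SEC-6-IPACCESSLOGP: list 120 denied udp 192.0.2.11(53) -> 198.51.100.5(53), 7 packets
Mar  3 12:00:05 border-a 104: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 88 packets
Mar  3 12:00:06 border-b 55: %SEC-6-IPACCESSLOGP: list 120 denied tcp 192.0.2.12(1025) -> 198.51.100.9(445), 3 packets
Mar  3 12:00:07 border-b 56: %LINK-3-UPDOWN: Interface POS1/0, changed state to up
"""

# Assumed layout: "Mon DD HH:MM:SS host ... %SEC-6-IPACCESSLOGxx: body"
LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+.*?"
    r"%SEC-6-(?P<kind>IPACCESSLOG\w*):\s+(?P<body>.*)$"
)
MISSED = re.compile(r"rate-limited or missed (\d+) packets?")
LOGGED = re.compile(r",\s*(\d+) packets?\s*$")  # trailing count on a match entry


def acl_log_coverage(lines):
    """Per host: packets logged, packets reported missed, and logged/total."""
    stats = defaultdict(lambda: {"logged": 0, "missed": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an ACL logging message
        # The rate-limit notice carries the missed count; other entries
        # carry the number of packets they summarise.
        if m["kind"] == "IPACCESSLOGRL":
            pattern, key = MISSED, "missed"
        else:
            pattern, key = LOGGED, "logged"
        hit = pattern.search(m["body"])
        if hit:
            stats[m["host"]][key] += int(hit.group(1))
    report = {}
    for host, s in stats.items():
        total = s["logged"] + s["missed"]
        report[host] = {**s, "coverage": s["logged"] / total if total else None}
    return report


if __name__ == "__main__":
    for host, row in sorted(acl_log_coverage(SAMPLE.splitlines()).items()):
        print(f"{host}: logged={row['logged']} missed={row['missed']} "
              f"coverage={row['coverage']:.1%}")
```

A low coverage figure on a border router means the ACL logs alone cannot be treated as a complete record for post-processing.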
