Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
476
Views
0
Helpful
1
Replies

Basic question on logging, limited storage on syslog and router

news2010a
Level 3
Level 3

‎12-16-2009 05:31 AM - edited ‎02-21-2020 03:49 AM

Hello folks, I am new to syslog so I want to confirm the following:

Currently I have the below configured on MY4507:

Question:
Imagine I create an ACL "permit tcp any any eq 80 log-input" and apply to one of the inbound interfaces so that I can monitor hits to server network on port 80. Let's say I get too many hits. My understanding is that MY4507 would be protected against overflow by the command in red below, correct?

How about my syslog server? Is the 'logging size 500' also limit the information that I sent to my syslog server? Please let me know what is the best way to make sure that my syslog server will not crash in case I end up sending too many log output messages to it.

MY4507#show run | i logging
logging buffered 20000
logging event link-status global
logging event trunk-status global
  logging enable
  logging size 500
ip sla logging traps
logging source-interface Loopback0
logging 192.168.1.1

!-end

0 Helpful
1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

‎12-16-2009 11:08 AM

The size is the internal buffer kept for logs in IOS.

The syslogs server should protect itself againsta overflows (purging), the router cannot do anything about it.

I hope it helps.

PK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card