
Defining data flow (logging ACL to syslog issues)

I have been recently tasked with documenting the data flow for a test dev system that we have. The overall goal is to create access lists based off of the data we find.

We currently have a 3825 with one WAN link. Since the data flow is unknown right now, I have created an access-list to permit any any log, and have it set up on the WAN interface.

We can see that we are sending messages to the syslog server, but we are also seeing a lot of messages: "access-list logging rate-limited or missed 86111 packets".

What can I do to minimise those messages while getting as much data to the syslog server as possible? Searching the web on that message hasn't returned anything useful yet. But I'm newer to ACL logging.

Thanks for your help.


Accepted Solutions


You can change the logging threshold:

ip access-list log-update threshold <number>

If you want to catch everything, you'd change this number to 1. I'd caution you on this though because it's going to heavily tax the router.

HTH,

John


Thanks, that appeared to work. I started with the value at 1000 and slowly stepped it down until we started to see results we could use.


Good to hear!

HTH, John *** Please rate all useful posts ***
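
Added example, not part of the original thread: one way to turn the ACL log messages collected on the syslog server into a per-flow summary and a draft access list, while counting the packets that the rate-limit message says were never logged. The sample lines are constructed, the ACL names FLOWMAP and FLOWMAP-DRAFT and all addresses are made up, and the message layout is assumed to be the usual IOS %SEC-6-IPACCESSLOGP / %SEC-6-IPACCESSLOGRL format.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread); ACL name FLOWMAP and
# all addresses are made up. Message layout is assumed to be the usual IOS one.
SAMPLE = """\
Mar  1 10:00:01 rtr1 %SEC-6-IPACCESSLOGP: list FLOWMAP permitted tcp 10.1.1.5(51515) -> 192.0.2.10(443), 1 packet
Mar  1 10:00:02 rtr1 %SEC-6-IPACCESSLOGP: list FLOWMAP permitted tcp 10.1.1.5(51620) -> 192.0.2.10(443), 37 packets
Mar  1 10:00:03 rtr1 %SEC-6-IPACCESSLOGP: list FLOWMAP permitted udp 10.1.1.9(53211) -> 198.51.100.53(53), 4 packets
Mar  1 10:00:04 rtr1 %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 86111 packets
Mar  1 10:05:04 rtr1 %SEC-6-IPACCESSLOGP: list FLOWMAP permitted tcp 10.1.1.7(40022) -> 192.0.2.10(443), 2 packets
"""

FLOW = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packet")
MISSED = re.compile(r"%SEC-6-IPACCESSLOGRL: .*missed (?P<n>\d+) packet")

def summarize(text):
    """Return (flows, missed): packets per (proto, src, dst, dport) and packets never logged."""
    flows, missed = Counter(), 0
    for line in text.splitlines():
        m = FLOW.search(line)
        if m:
            # The source port is ephemeral, so it is left out of the flow key.
            key = (m["proto"], m["src"], m["dst"], int(m["dport"]))
            flows[key] += int(m["pkts"])
        elif (r := MISSED.search(line)):
            missed += int(r["n"])
    return flows, missed

def candidate_acl(flows, name="FLOWMAP-DRAFT"):
    """Render one permit line per observed flow, busiest first."""
    lines = [f"ip access-list extended {name}"]
    for (proto, src, dst, dport), _ in flows.most_common():
        lines.append(f" permit {proto} host {src} host {dst} eq {dport}")
    return lines

if __name__ == "__main__":
    flows, missed = summarize(SAMPLE)
    print("\n".join(candidate_acl(flows)))
    logged = sum(flows.values())
    print(f"! logged {logged} packets, {missed} not logged "
          f"({missed / (logged + missed):.1%} of traffic unseen)")
```

A large "not logged" share means the draft list is built from a sample of the traffic, so flows can be absent from it even though they crossed the interface.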