
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2012 06:44 AM - edited 03-04-2019 04:14 PM
I have been recently tasked with documenting the data flow for a test dev system that we have. The over all goal is to create access-list based off of the data we find.
we currently have a 3825 with one WAN link, since the data flow is unknown right now I have created an access-list to permit any any log, and have it setup on the WAN interface.
We can see that we are sending messages to the syslog server but we are also seeing a lot of messages access-list logging rate-limited or missed 86111 packets.
What can I do to minimise those messages while getting as much data to the syslog server as possible. Searching the web on that message hasn't returned anything useful yet. But I'am newer to ACL logging.
Thanks for your help.
Solved! Go to Solution.
- Labels:
-
Routing Protocols
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2012 07:06 AM
You can change the logging threshold:
ip access-list log-update threshold
If you want to catch everything, you'd change this number to 1. I'd caution you on this though because it's going to heavily tax the router.
HTH,
John

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2012 07:06 AM
You can change the logging threshold:
ip access-list log-update threshold
If you want to catch everything, you'd change this number to 1. I'd caution you on this though because it's going to heavily tax the router.
HTH,
John

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2012 08:13 AM
Thanks that appeared to work, I started with the value at 1000 and slowly steped it down until we started to see results we could use.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2012 09:32 AM
Good to hear!
