cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
902
Views
0
Helpful
3
Replies

Defining data flow (logging ACL to syslog issues)

jamescox3
Level 1
Level 1

I have been recently tasked with documenting the data flow for a test dev system that we have. The over all goal is to create access-list based off of the data we find.

we currently have a 3825 with one WAN link, since the data flow is unknown right now I have created an access-list to permit any any log, and have it setup on the WAN interface.

We can see that we are sending messages to the syslog server but we are also seeing a lot of messages  access-list logging rate-limited or missed 86111 packets.

What can I do to minimise those messages while getting as much data to the syslog server as possible. Searching the web on that message hasn't returned anything useful yet. But I'am newer to ACL logging.

Thanks for your help.

1 Accepted Solution

Accepted Solutions

John Blakley
VIP Alumni
VIP Alumni

You can change the logging threshold:

ip access-list log-update threshold

If you want to catch everything, you'd change this number to 1. I'd caution you on this though because it's going to heavily tax the router.

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

You can change the logging threshold:

ip access-list log-update threshold

If you want to catch everything, you'd change this number to 1. I'd caution you on this though because it's going to heavily tax the router.

HTH,

John

HTH, John *** Please rate all useful posts ***

Thanks that appeared to work, I started with the value at 1000 and slowly steped it down until we started to see results we could use.

Good to hear!

HTH, John *** Please rate all useful posts ***
Review Cisco Networking for a $25 gift card