Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
391
Views
1
Helpful
6
Replies

NAT logging in syslog

ammar-taha
Level 1
Level 1

‎01-15-2025 02:14 AM

i have two Cisco ASR-1002-X work as BNG for pppoe subscriber and i run CGNAT on it 

when i run 
ip nat log translations syslog on both of them one of BNG log all NAT and the other BNG miss a lot of nat session and show only few of them 

my syslog config on both are 

ip nat log translations syslog
logging trap debugging
logging source-interface TenGigabitEthernet0/1/0.107
logging host 10.155.120.1

Labels:
0 Helpful
6 Replies 6

MHM Cisco World
VIP
VIP

‎01-15-2025 02:21 AM

If both BNG generate log for NAT abd one few and other all' then check of you config any logging rate in router.

The router will generate log in specific rate.

MHM

0 Helpful

ammar-taha
Level 1
Level 1
In response to MHM Cisco World

‎01-15-2025 02:51 AM

both are setted to maximum rate limit 10000 

MHM Cisco World
VIP
VIP
In response to ammar-taha

‎01-15-2025 02:53 AM

Yes but that rate limit is set for all log' not only for log of NAT.

Try increase limit to be 12000 and check. 

MHM

0 Helpful

ammar-taha
Level 1
Level 1
In response to MHM Cisco World

‎01-15-2025 03:08 AM

this 10000 is the maximum rate that i can configure 

this show from the BNG that doesn't has any issue
R1#show logging
Syslog logging: enabled (258254952 messages dropped, 2809053169 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

and this from the second one with issue 
#show logging
Syslog logging: enabled (0 messages dropped, 129051319 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

it look like the router ignore logging when i try 
show history all
in the second router the command  the command still visable 
CMD: 'sh history all' 14:06:58
CMD: 'sh history all' 14:07:01
CMD: 'sh history all' 14:07:03

but when i try to run show history all in the first one it gone and replace by nat log and so on so the first one is very active with logging 
both of router have the same number of users 

0 Helpful

MHM Cisco World
VIP
VIP
In response to ammar-taha

‎01-15-2025 11:57 AM

Syslog logging: enabled (258254952 messages dropped, 2809053169 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

Syslog logging: enabled (0 messages dropped, 129051319 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

there is drop because of rate limit 

try use 

logging rate-limit <> all except <nat log message level>

MHM

0 Helpful

vishalbhandari
Spotlight
Spotlight

‎01-17-2025 10:12 AM

@ammar-taha It seems one of your ASR-1002-X BNGs is missing many NAT session logs. Ensure both devices are processing similar NAT traffic loads and have sufficient resources. Verify that the logging source-interface configuration is correct and matches the active interface. Check the reachability to the syslog server (10.155.120.1) from both BNGs. Additionally, confirm that the syslog server isn't dropping logs due to overload or network issues. If everything appears correct, check for discrepancies in software versions or bugs related to NAT logging on the ASRs. Consider upgrading the firmware if necessary.

0 Helpful
Customers Also Viewed These Support Documents