NAT syslog logging has increased

mking · ‎04-12-2007

We upgraded from 12.2 to 12.4

We have NAT Logging enabled with the following commands.

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezoneip nat log translations syslog

logging queue-limit 100

logging history informational

logging trap debugging

logging x.x.x.x

Under 12.1, our syslog looked like this:

Jan 2 00:02:43 x.x.x.x 16013572: Jan 2 00:02:42 EST: %IPNAT-6-NAT_CREATED: Created ? 10.28.144.81:0 x.x.x.x

:0 0.0.0.0:0 0.0.0.0:0

Jan 2 00:02:46 x.x.x.x 16013573: Jan 2 00:02:45 EST: %IPNAT-6-NAT_DELETED: Deleted ? 10.28.129.55:0 x.x.x.x

:0 0.0.0.0:0 0.0.0.0:0

(obviously x.x.x.x are real IP's)

One nat would be created per IP, till the timeout cleared it.

Now our logs look like this:

Apr 12 22:44:27 1.1.1.1 125797905: Apr 12 22:44:27 EDT: %IPNAT-6-NAT_CREATED: Created udp 10.16.15.66:39442 x.x.x.162:39442 189.167.131.131:23361 189.167.131.131:23361

Apr 12 22:44:27 1.1.1.1 125797906: Apr 12 22:44:27 EDT: %IPNAT-6-NAT_CREATED: Created udp 10.16.15.66:39442 x.x.x.162:39442 189.152.26.226:45978 189.152.26.226:45978

Several NAT's for the same internal IP, and the same external IP.

Is there a way we can go back to the original logging method? Our logs have gone from several hundred megabytes to 4 or 5 gigs a day, and this is posing a problem.

mking · ‎04-18-2007

Nobody has any ideas?

gmarogi · ‎04-18-2007

Upgrade the IOS to 12.4.6(3). It is related to problem bug - CSCek10384