Solved: Get rid of %SEC-6-IPACCESSLOGP

mario.vasquez · ‎02-02-2016

We have taken support ownership of a 6509 and the logs are filled with these msgs. I cannot find any advice on how to get it to stop. it is running 12.2(33)SXJ6. I see no access-list or other config entry that might be generating this. These msgs also scroll on the VTY when telneted in. very annoying and disruptive

here is some of the config. I do see deny statements for log but that should block these I would think:

HH-6509-Core1#sho run | in log
service timestamps log datetime localtime
logging buffered 100000
logging console critical
deny ip any any log
deny ip any any log
vlan access-log ratelimit 2000
logging trap critical
logging source-interface Vlan5
logging 10.x.x
logging 216.x.x
logging 10.x.x

Philip D'Ath · ‎02-03-2016

You only have two access like items both configured with logging. It must be them.

Remove them (or change them so that the log keyword is removed) and see if the logging messages stop.

View solution in original post

Philip D'Ath · ‎02-03-2016

You only have two access like items both configured with logging. It must be them.

Remove them (or change them so that the log keyword is removed) and see if the logging messages stop.

mario.vasquez · ‎02-03-2016

Last night I was able to speak to one of the original engineers who implemented the network. You are correct, it was those 2 access-list items. There is an implicit deny at the end of every access-list but adding that command logs it so you can see the packets being denied by that list. removing the 1 line fixed it. Not sure why anyone would add that as a permanent item as it fills the logs and adds undue CPU burden. Thank you for the reply!

Philip D'Ath · ‎02-03-2016

That's good.

If you think I helped it would be great if you could rate the answer and mark it as correct.