How do we fix these errors?
2629753: Dec 29 09:03:56.521 EST: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 2 packets
This is a Cisco 871 router with BVI and access lists.
Asked
Active
Viewed 1.9k times
2
700 Software
- 2,233
- 10
- 49
- 77
3 Answers
3
The message means that an ACL (with, presumably, logging enabled) is generating syslog messages faster than the router is willing to send them off. You'll have to increase the rate-limit, use the logging rate-limit command to do this (you'll probably want to use the ip access-list logging interval command as well).
Then, tweak the rate-limit and interval until lowering them starts generating the rate-limit messages and up them a bit. The exact values will depend on your traffic profile and you may find that you'll have to accept these during traffic peaks.
Vatine
- 5,440
- 25
- 24
-
I looked at `(config)#logging rate-limit ?` and it says `<1-10000> Messages per second` so that is very clear.. but what about `ip access-list logging interval`? Is it supposed to be the same as `rate-limit`? – 700 Software Jan 08 '11 at 13:57
-
I believe that is a minimum time between ACL log messages. Basically, you need to allow more log messages to be generated. But, the 871 is not the fastest hardware platform around and I don't know if "have ACL" directly implies "process-switched" or not. You may actually be on the limit of what your hardware can do. – Vatine Jan 08 '11 at 14:35
-
OK.. I looked again it says `Access list logging interval (milliseconds)`.. It seems like I would have already checked that the first time :P . I looked at `show run | include ...` and it seems I must be using default values for both. I set the ACL `interval` to 0 and will play around with the `rate-limit` option to see if it works the way I think it does. Thanks for the answer – 700 Software Jan 10 '11 at 15:55
0
I assume you have to set the level of logging you are doing
There are 7 levels, I'm not sure which one you need, but I think this would be a good place to start.
0—emergencies 1—alerts 2—critical 3—errors 4—warnings 5—notification 6—informational 7—debugging
Will
- 69
- 1
- 8
-
I edited my question. I was not just talking about hiding the messages. – 700 Software Dec 29 '10 at 18:05
0
I'm not immediately sure if this is a central logging server, but I'm inclined to think so. You're either seeing dropped packets, or messages are being generated to fast. Options are to fix your network congestion / reliability, or find a way to reduce the items being logged.
Jeff Ferland
- 20,547
- 2
- 62
- 85
-
This is a Cisco 871 router with BVI and access lists. (edited my question) – 700 Software Dec 29 '10 at 18:15