GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: Access-List Logging Rate Limit posted 01/24/2008
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


ip access-list logging interval will set the amount of time between your
updates

ip access-list log-update threshold will set the log to generate a message
every number of hits.

so I think this is what you are looking for according to what you specify
bellow.



On Jan 24, 2008 5:21 PM, nhatphuc <nhatphuc@xxxxxxxxx> wrote:

> Hello,
>
> I don't know that feature's name so called it ACL Logging Rate Limit. I
> meant limiting the number of ACL log messages.
>
> From my understanding ip access-list logging interval and ip access-list
> log-update threshold are used to limit the number of ACL log messages. But
> you said i was dropping the packet and couldn't do anything.
>
> So can you tell me which case to use these 2 commands? And how to limit
> the number of log messages?
>
> Thank you
>
> Phuc
>
>
> On Jan 24, 2008 1:48 PM, shiran guez < shiranp3@xxxxxxxxx> wrote:
>
> >
> > http://www.cisco.com/en/US/docs/ios/12_2/qos/command/reference/qrfcmd1.html#wp1017391
> >
> > I do not think what you are looking for is rate limit as this is more
> > related to CAR and you do not want to allow the traffic in and slow it, you
> > just want to reduce the log size.
> >
> > also I see that you increased the logging interval and update threshold.
> > the packets are coming to you and you are dropping them already so you cant
> > do anything else, I had once a problem with an attacker on one of my linux
> > servers and I had huge logs like more then 40GB and I have traced back to
> > the ISP that is relaying the attack and he apologized as he was also under
> > that attack from another source but when he managed to stop it on his side
> > then it stopped going to my end other then that I could not do anything else
> > accept clean the logs more often.
> >
> > usually the problems with this attack are finding the source and
> > stopping him.
> >
> >   On Jan 23, 2008 7:01 PM, nhatphuc <nhatphuc@xxxxxxxxx> wrote:
> >
> > >    Hi Group,
> > >
> > > My router is under login attack. There're many logged messages output
> > > on
> > > console:
> > >
> > > Jan 23 23:40:43 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> > > 192.248.88.10(36752) -> 0.0.0.0(22), 1 packet
> > > Jan 23 23:40:44 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> > > 192.248.88.10(37556) -> 0.0.0.0(22), 1 packet
> > > Jan 23 23:40:46 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> > > 192.248.88.10 (37737) -> 0.0.0.0 (22), 1 packet
> > >
> > > I've configured rate limit for access-list like this:
> > >
> > > ip access-list logging interval 30000
> > > ip access-list log-update threshold 10000
> > >
> > > But there are still many messages outputted. How can I slow it down?
> > > And how
> > > to use access-list rate limit feature? I think the parameters I
> > > configured
> > > are rather high but they didn't help.
> > >
> > > Thanks
> > >
> > > Phuc
> > >
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> >
> >
> >
> > --
> > Shiran Guez
> > MCSE CCNP NCE1
> > http://cciep3.blogspot.com
> > http://www.linkedin.com/in/cciep3
>
>
>


-- 
Shiran Guez
MCSE CCNP NCE1
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3