Cisco router syslog rate-limit

Hi,

I've got a C1721 I'm configuring a syslog server on and so far I have this configuration:

logging on
logging host 192.168.1.24
logging buffered 4096 debugging
no logging rate-limit
logging history debugging
logging trap debugging

I am getting messages on the syslog server but not all of them... I get a line every now and then like this, telling me the messages aren't being sent due to a rate-limit even though one isn't present.

04-26-2009      11:22:08      Local7.Info      192.168.2.1      26668: Apr 26 2009 11:22:07.406 CDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 47 packets

Any ideas?
 
Don Johnston (Instructor) commented:
Can we see the config please?
 
Pugglewuggle (Author) commented:
Sure, but isn't that the only part of the config relevant to the logging? I omitted the ACLs and other identifiable info. Also, the logging server is 192.168.1.24 as you might have guessed. Thanks!

version 12.4
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
!
hostname Cisco1721
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-21.bin
warm-reboot
boot-end-marker
!
logging buffered 4096 debugging
no logging rate-limit
enable secret 5 xxxx
!
aaa new-model
!
!
aaa authentication login default local
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name dmzinspect tcp
ip inspect name dmzinspect udp
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.150 192.168.1.254
!
ip dhcp pool dad
   network 192.168.1.0 255.255.255.0
   dns-server xx xx xx
   default-router 192.168.1.1
   lease 8
!
!
ip domain name xxx
ip name-server xx
ip name-server xx
ip name-server xx
!
!
!
crypto pki trustpoint TP-self-signed-571180423
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-571180423
 revocation-check none
 rsakeypair TP-self-signed-571180423
!
!
crypto pki certificate chain TP-self-signed-571180423
 certificate self-signed 01
xxx
  quit
username xx privilege 15 secret 5 xx
!
!
!
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key xxx address xxx
crypto isakmp keepalive 10
!
crypto ipsec security-association idle-time 900
!
crypto ipsec transform-set ESP-AES-256-SHA esp-aes 256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes 192 esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel toxx
 set peer xx
 set transform-set ESP-AES-256-SHA
 match address 103
!
!
!
interface Ethernet0
 description $ETH-WAN$$FW_OUTSIDE$
 ip address xxx
 ip access-group 102 in
 ip verify unicast reverse-path
 ip nat outside
 ip virtual-reassembly
 full-duplex
!
interface Ethernet1
 description $ETH-WAN$$FW_DMZ$
 ip address xxx
 ip access-group 101 in
 ip inspect dmzinspect out
 ip nat inside
 ip virtual-reassembly
 full-duplex
!
interface FastEthernet0
 description $ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 192.168.1.1 255.255.255.0
 ip access-group 100 in
 ip inspect SDM_LOW in
 ip nat inside
 ip virtual-reassembly
 speed auto
 full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxxx
!
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000

!
logging history debugging
logging trap debugging
logging 192.168.1.24

route-map SDM_RMAP_1 permit 1
 match ip address 104
!
!
control-plane
!
banner motd ^Cxxxxxxxx^C
!
line con 0
line aux 0
 exec-timeout 5 0
 password 7 xxx
 modem InOut
 transport input all
 speed 115200
 flowcontrol hardware
line vty 0 4
 access-class 1 in
 exec-timeout 60 0
 transport input telnet ssh
!
ntp clock-period 17180007
ntp server 129.6.15.29 source Ethernet0 prefer
end
 
Don Johnston (Instructor) commented:
If you're not rate limiting the logging messages then the only other thing that would cause this is insufficient memory.

How much RAM does the router have?
 
Pugglewuggle (Author) commented:
I don't think that's the problem. The CPU's at 14% and it has 43MB memory free.

Any ideas?
 
Don Johnston (Instructor) commented:
Your IOS version has 64MB as the minimum RAM requirement.

From the output interpreter:

Explanation: Some packet-matching logs were missed because the access list log
messages were rate limited, or no access list log buffers were available.

So if you're not doing rate limiting on the logging, it appears you're low on RAM.
 
Pugglewuggle (Author) commented:
Yes, the system has 96MB RAM total with 43 free. I also looked that up on the Cisco error decoder. I have 43MB free, not total, so I'm not sure what the issue is.
 
Pugglewuggle (Author) commented:
Apparently the system logs to the terminal only once every few seconds. The rest of the messages are sent to the syslog server. This comes from Cisco.

I'm closing this ticket as this is the answer.
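
A way to measure what the thread is discussing, as an added example that is not part of any post above: this Python sketch parses syslog-server lines in the format quoted in the question, totals the packets reported by %SEC-6-IPACCESSLOGRL per router, and counts gaps in the leading message number. Treating that leading number as the router's running message counter is an assumption, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Collector layout from the question: date, time, facility.severity,
# source IP, then the router's own text starting with a message number.
LINE_RE = re.compile(
    r"^\d{2}-\d{2}-\d{4}\s+\d{2}:\d{2}:\d{2}\s+\w+\.\w+\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<seq>\d+):\s+(?P<body>.*)$"
)
MNEMONIC_RE = re.compile(r"%(?P<name>[A-Z0-9_]+-[0-7]-[A-Z0-9_]+):\s*(?P<text>.*)$")
MISSED_RE = re.compile(r"rate-limited or missed (\d+) packets?")

# First line is quoted from the question; the others are constructed samples.
SAMPLE = [
    "04-26-2009      11:22:08      Local7.Info      192.168.2.1      26668: Apr 26 2009 11:22:07.406 CDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 47 packets",
    "04-26-2009 11:22:09 Local7.Info 192.168.2.1 26669: Apr 26 2009 11:22:08.910 CDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 198.51.100.7(4312) -> 192.0.2.10(23), 1 packet",
    "04-26-2009 11:22:14 Local7.Info 192.168.2.1 26672: Apr 26 2009 11:22:13.120 CDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets",
    "not a syslog line",
]

def summarize(lines):
    """Return per-router counts of received messages, IPACCESSLOGRL events,
    packets those events report as missed, and message-number gaps."""
    stats = defaultdict(lambda: {"messages": 0, "rl_events": 0,
                                 "missed_packets": 0, "seq_gaps": 0,
                                 "last_seq": None})
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip anything that is not in the collector's layout
        s = stats[m["src"]]
        seq = int(m["seq"])
        # A jump in the number means messages never reached the collector
        # (assumption: the number increments by one per message sent).
        if s["last_seq"] is not None and seq > s["last_seq"] + 1:
            s["seq_gaps"] += seq - s["last_seq"] - 1
        s["last_seq"] = seq  # a lower value (e.g. after a reload) just resets
        s["messages"] += 1
        mn = MNEMONIC_RE.search(m["body"])
        if mn and mn["name"] == "SEC-6-IPACCESSLOGRL":
            hit = MISSED_RE.search(mn["text"])
            if hit:
                s["rl_events"] += 1
                s["missed_packets"] += int(hit.group(1))
    return {src: dict(v) for src, v in stats.items()}

if __name__ == "__main__":
    for src, s in summarize(SAMPLE).items():
        print(src, s)
```

The two counters answer different questions: `missed_packets` is ACL log entries the router itself reports as not generated, while `seq_gaps` is messages that were generated but did not arrive at the collector.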