From: nhatphuc (nhatphuc@gmail.com)
Date: Thu Jan 24 2008 - 15:18:27 ARST
Yes, But it didn't work as I thought.
Can you have a look at my config and tell me why?
Thanks
On Jan 24, 2008 11:31 PM, shiran guez <shiranp3@gmail.com> wrote:
> ip access-list logging interval will set the amount of time between your
> updates
>
> ip access-list log-update threshold will set the log to generate a message
> every number of hits.
>
> so I think this is what you are looking for according to what you specify
> bellow.
>
>
>
> On Jan 24, 2008 5:21 PM, nhatphuc <nhatphuc@gmail.com> wrote:
>
> > Hello,
> >
> > I don't know that feature's name so called it ACL Logging Rate Limit. I
> > meant limiting the number of ACL log messages.
> >
> > From my understanding ip access-list logging interval and ip access-list
> > log-update threshold are used to limit the number of ACL log messages. But
> > you said i was dropping the packet and couldn't do anything.
> >
> > So can you tell me which case to use these 2 commands? And how to limit
> > the number of log messages?
> >
> > Thank you
> >
> > Phuc
> >
> >
> > On Jan 24, 2008 1:48 PM, shiran guez < shiranp3@gmail.com> wrote:
> >
> > >
> > > http://www.cisco.com/en/US/docs/ios/12_2/qos/command/reference/qrfcmd1.html#wp1017391
> > >
> > > I do not think what you are looking for is rate limit as this is more
> > > related to CAR and you do not want to allow the traffic in and slow it, you
> > > just want to reduce the log size.
> > >
> > > also I see that you increased the logging interval and update
> > > threshold. the packets are coming to you and you are dropping them already
> > > so you cant do anything else, I had once a problem with an attacker on one
> > > of my linux servers and I had huge logs like more then 40GB and I have
> > > traced back to the ISP that is relaying the attack and he apologized as he
> > > was also under that attack from another source but when he managed to stop
> > > it on his side then it stopped going to my end other then that I could not
> > > do anything else accept clean the logs more often.
> > >
> > > usually the problems with this attack are finding the source and
> > > stopping him.
> > >
> > > On Jan 23, 2008 7:01 PM, nhatphuc <nhatphuc@gmail.com> wrote:
> > >
> > > > Hi Group,
> > > >
> > > > My router is under login attack. There're many logged messages
> > > > output on
> > > > console:
> > > >
> > > > Jan 23 23:40:43 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> > > > 192.248.88.10(36752) -> 0.0.0.0 (22), 1 packet
> > > > Jan 23 23:40:44 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> > > > 192.248.88.10(37556) -> 0.0.0.0(22), 1 packet
> > > > Jan 23 23:40:46 : %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp
> > > > 192.248.88.10 (37737) -> 0.0.0.0 (22), 1 packet
> > > >
> > > > I've configured rate limit for access-list like this:
> > > >
> > > > ip access-list logging interval 30000
> > > > ip access-list log-update threshold 10000
> > > >
> > > > But there are still many messages outputted. How can I slow it down?
> > > > And how
> > > > to use access-list rate limit feature? I think the parameters I
> > > > configured
> > > > are rather high but they didn't help.
> > > >
> > > > Thanks
> > > >
> > > > Phuc
> > > >
> > > >
> > > > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > >
> > >
> > >
> > > --
> > > Shiran Guez
> > > MCSE CCNP NCE1
> > > http://cciep3.blogspot.com
> > > http://www.linkedin.com/in/cciep3
> >
> >
> >
>
>
> --
> Shiran Guez
> MCSE CCNP NCE1
> http://cciep3.blogspot.com
> http://www.linkedin.com/in/cciep3
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:38:01 ARST