Re: [OSL | CCIE_Security] Logging interval

[Pieter-Jan Nefkens]

Hi Kings, Yes, but that is the rate-limit that specifies the max amount of log messages per time. This interval sets the time between the logging. If I've understood it correctly, setting logging rate-limit means you set the maximum rate-limit for _all_ messages (as it is a global config), so also debug messages, and other events that need be logged. But with the logging interval, you can specify the time between the logging messags, so if you would specify  logging interval 500 it means that log messges can only be generated for each half a second. This is a config example from the IOS guide: Configuring Global Control Plane Logging for Dropped and Permitted Packets: Example The following example shows how to configure a global control-plane logging service policy to log all dropped and permitted packets that hit the control-plane host feature path only, regardless of the interface from which the packets enter the router. Also, the router rate-limits the log messages to one every 5 seconds. ! Define a class map of type logging to specify what packets will be logged. Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# class-map type logging match-any cpplog-host-map Router(config-cmap)# match packets dropped Router(config-cmap)# match packets permitted Router(config-cmap)# exit ! Define a policy map of type logging using your logging class map and rate-limit log messages to one every 5 seconds. Router(config)# policy-map type logging cpplog-host-policy Router(config-pmap)# class cpplog-host-map Router(config-pmap-c)# log interval 5000 Router(config-pmap-c)# exit Router(config-pmap)# exit ! Apply the new logging policy map to the control-plane host feature path interface. Router(config)# control-plane host Router(config-cp)# service-policy type logging input cpplog-host-policy Router(config-cp)# end Router# Aug 8 17:57:57.359: %SYS-5-CONFIG_I: Configured from console by cisco on console Router# The following output displays the logging policy map that was just added to the control-plane host feature path interface: Router# show policy-map type logging control-plane host Control Plane Host Service-policy logging input: cpplog-host-policy Class-map: cpplog-host-map (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: packets dropped 0 packets, 0 bytes 5 minute rate 0 bps Match: packets permitted 0 packets, 0 bytes 5 minute rate 0 bps log interval 5000 Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any On 14 mei 2010, at 08:42, Kingsley Charles wrote: Hi Pieter We do have "logging rate-limit" command right?   With regards Kings   On Fri, May 14, 2010 at 12:07 PM, Pieter-Jan Nefkens <pjnefk...@nefkensadvies.nl> wrote: Hi Kings, The logging interval sets the time between to log messages: "There is also an option to configure the rate-limit interval for which log messages are created, that is the interval between the logging of two messages" Go to the IOS 12.4T, Configuring Control Plane Security, Control Plane logging and search for logging interval It's basically protection. Suppose a hacker "assumes" that you have logging enabled on a specific access-list, or some other traffic.  It could then overload the router if it would hit that access-list continuously, and thus making sure that the router is only processing the log messages and doesn't have sufficient time for the other stuff the control plane is supposed to do (arp, routing protocols, etc) HTH Pieter-Jan On 14 mei 2010, at 08:05, Kingsley Charles wrote: Hi all   Can someone please let me know what is "Logging Interval" referring to?   This list is from CCIEchecklist Cisco IOS Software-Based CPU Protection Mechanisms (Options Drop, Logging Interval, CPU Threshold)   Options drop - use ip options drop or named acl with options CPU Threshold - use "process cpu threshold type total rising 60 interval 30 falling 30 interval 30 Logging Interval - which command?   If you have comments on the "options drop" and cpu thresold", please do add it too.   With regards Kings   _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: pjnefk...@nefkensadvies.nl Web: http://www.nefkensadvies.nl/ <green.gif> Think before you print. --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: pjnefk...@nefkensadvies.nl Web: http://www.nefkensadvies.nl/  Think before you print.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com