Thx Pieter. So I understand control-plane is the only feature that can configure logging interval.
With regards Kings On Fri, May 14, 2010 at 12:26 PM, Pieter-Jan Nefkens < [email protected]> wrote: > Hi Kings, > > Yes, but that is the rate-limit that specifies the max amount of log > messages per time. This interval sets the time between the logging. > If I've understood it correctly, > > setting logging rate-limit means you set the maximum rate-limit for _all_ > messages (as it is a global config), so also debug messages, and other > events that need be logged. > > But with the logging interval, you can specify the time between the logging > messags, so if you would specify > logging interval 500 > it means that log messges can only be generated for each half a second. > > > This is a config example from the IOS guide: > > Configuring Global Control Plane Logging for Dropped and Permitted > Packets: Example > > The following example shows how to configure a global control-plane logging > service policy to log all dropped and permitted packets that hit the > control-plane host feature path only, regardless of the interface from which > the packets enter the router. Also, the router rate-limits the log messages > to one every 5 seconds. > > ! Define a class map of type logging to specify what packets will be > logged. > > Router# configure terminal > > Enter configuration commands, one per line. End with CNTL/Z. > > Router(config)# class-map type logging match-any cpplog-host-map > > Router(config-cmap)# match packets dropped > > Router(config-cmap)# match packets permitted > > Router(config-cmap)# exit > > ! Define a policy map of type logging using your logging class map and > rate-limit log messages to one every 5 seconds. > > Router(config)# policy-map type logging cpplog-host-policy > > Router(config-pmap)# class cpplog-host-map > > Router(config-pmap-c)# log interval 5000 > > Router(config-pmap-c)# exit > > Router(config-pmap)# exit > > ! Apply the new logging policy map to the control-plane host feature path > interface. > > Router(config)# control-plane host > > Router(config-cp)# service-policy type logging input cpplog-host-policy > > Router(config-cp)# end > > Router# > > Aug 8 17:57:57.359: %SYS-5-CONFIG_I: Configured from console by cisco on > console > > Router# > > The following output displays the logging policy map that was just added to > the control-plane host feature path interface: > > Router# show policy-map type logging control-plane host > > Control Plane Host > > Service-policy logging input: cpplog-host-policy > > Class-map: cpplog-host-map (match-any) > > 0 packets, 0 bytes > > 5 minute offered rate 0 bps, drop rate 0 bps > > Match: packets dropped > > 0 packets, 0 bytes > > 5 minute rate 0 bps > > Match: packets permitted > > 0 packets, 0 bytes > > 5 minute rate 0 bps > > log interval 5000 > > Class-map: class-default (match-any) > > 0 packets, 0 bytes > > 5 minute offered rate 0 bps, drop rate 0 bps > > Match: any > > > > On 14 mei 2010, at 08:42, Kingsley Charles wrote: > > Hi Pieter > We do have "logging rate-limit" command right? > > With regards > Kings > > > On Fri, May 14, 2010 at 12:07 PM, Pieter-Jan Nefkens < > [email protected]> wrote: > >> Hi Kings, >> >> The logging interval sets the time between to log messages: >> >> "There is also an option to configure the rate-limit interval for which >> log messages are created, that is the interval between the logging of two >> messages" >> >> Go to the IOS 12.4T, Configuring Control Plane Security, Control Plane >> logging and search for logging interval >> >> It's basically protection. Suppose a hacker "assumes" that you have >> logging enabled on a specific access-list, or some other traffic. >> It could then overload the router if it would hit that access-list >> continuously, and thus making sure that the router is only processing the >> log messages and doesn't have sufficient time for the other stuff the >> control plane is supposed to do (arp, routing protocols, etc) >> >> HTH >> >> Pieter-Jan >> >> On 14 mei 2010, at 08:05, Kingsley Charles wrote: >> >> Hi all >> >> Can someone please let me know what is "Logging Interval" referring to? >> >> This list is from CCIEchecklist >> >> Cisco IOS Software-Based CPU Protection Mechanisms >> >> (Options Drop, Logging Interval, CPU Threshold) >> >> >> *Options drop* - use ip options drop or named acl with options >> >> *CPU Threshold* - use "process cpu threshold type total rising 60 >> interval 30 falling 30 interval 30 >> >> *Logging Interval* - which command? >> >> >> If you have comments on the "options drop" and cpu thresold", please do >> add it too. >> >> >> With regards >> >> Kings >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> >> --- >> Nefkens Advies >> Enk 26 >> 4214 DD Vuren >> The Netherlands >> >> Tel: +31 183 634730 >> Fax: +31 183 690113 >> Cell: +31 654 323221 >> Email: [email protected] >> Web: http://www.nefkensadvies.nl/ >> >> <green.gif> Think before you print. >> >> >> >> >> > > --- > > Nefkens Advies > > Enk 26 > > 4214 DD Vuren > > The Netherlands > > > Tel: +31 183 634730 > > Fax: +31 183 690113 > > Cell: +31 654 323221 > > Email: [email protected] > > Web: http://www.nefkensadvies.nl/ > > Think before you print. > > > > >
<<green.gif>>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
