
Recipe 18.14 Rate-Limiting Syslog Traffic

18.14.1 Problem

You wish to rate-limit the syslog traffic to your server.

18.14.2 Solution

Use the logging rate-limit configuration command to limit the number of syslog packets sent to your server:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#logging 172.25.1.1
Router(config)#logging rate-limit 30 except warnings
Router(config)#end 
Router#

To rate-limit the number of log messages sent to the console port, use the following command:

Router#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#logging rate-limit console 25 except warnings 
Router(config)#end 
Router#

This feature became available starting in IOS Version 12.1(3)T.

18.14.3 Discussion

By default, a router that is configured for remote logging will forward all log messages to the syslog server as they are created, regardless of how many messages there are. The rate-limit command will throttle the number of packets to ensure that the router won't flood the network or syslog server. It is particularly useful to throttle syslog messages when forwarding debug traces or if the network is congested.

Cisco provides the option to throttle log messages sent to the console port as well. This feature is important since all messages written to the console port cause CPU interrupts. If a large number of log messages are being sent to the console port, the router can suffer noticeable service degradation. Being able to rate-limit messages is an effective alternative to completely disabling them.

The syntax for rate-limiting includes several options. The first example limits the rate of syslog messages to 30 messages per second. You can configure this option to send any number from 1 to 10,000 messages per second. Since log messages vary in length, it is difficult to calculate a meaningful number in terms of bytes per second. However, a typical average size for a log message is between 150 and 170 bytes. So we can roughly estimate that 30 messages per second will correspond to 36,000 to 40,800 bits per second, which is a good limit for serial lines.

Both examples in this section use the optional keyword except. Use this keyword to ensure that only noncritical messages become rate-limited. For example, to rate-limit all messages at a warning severity level or lower, and to allow all higher severity messages to be sent without restriction, use the except keyword. Note that the keyword all is equivalent to setting the except option at the debug level, meaning all messages are rate-limited.
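
To check a saved configuration against the points above, the following Python script (an added example, not part of the original recipe and not Cisco code) parses the logging rate-limit lines, verifies the 1 to 10,000 range, and converts the syslog rate into the bit-per-second estimate used in the discussion. The function name audit, the 64,000 bit/s link speed, the 75 percent threshold, and both sample configurations are assumptions constructed for illustration.

```python
import re

# Constructed sample running-config fragments (not taken from a real device).
SAMPLE_OK = """\
logging 172.25.1.1
logging rate-limit 30 except warnings
logging rate-limit console 25 except warnings
"""
SAMPLE_BAD = "logging 172.25.1.1\nlogging rate-limit 20000\n"

HOST_RE = re.compile(r"^logging (?:host )?(\d{1,3}(?:\.\d{1,3}){3})$")
RATE_RE = re.compile(
    r"^logging rate-limit (?P<console>console )?(?P<all>all )?(?P<rate>\d+)"
    r"(?: except (?P<sev>\w+))?$")
MSG_BYTES = (150, 170)  # typical message size range quoted in the recipe


def audit(config, link_bps=64000, max_share=0.75):
    """Return (findings, limits); link_bps and max_share are assumed policy values."""
    hosts, limits, findings = [], {}, []
    for line in map(str.strip, config.splitlines()):
        if m := HOST_RE.match(line):
            hosts.append(m.group(1))
        elif m := RATE_RE.match(line):
            target = "console" if m["console"] else "syslog"
            rate = int(m["rate"])
            limits[target] = {"rate": rate, "all": bool(m["all"]),
                              "except": m["sev"]}
            if not 1 <= rate <= 10000:
                findings.append(f"{target}: rate {rate} outside 1-10000")
    if hosts and "syslog" not in limits:
        findings.append("syslog host configured without logging rate-limit")
    if "syslog" in limits:
        # messages/s * bytes/message * 8 bits, for the low and high size
        lo, hi = (limits["syslog"]["rate"] * b * 8 for b in MSG_BYTES)
        limits["syslog"]["bps"] = (lo, hi)
        if hi > link_bps * max_share:
            findings.append(f"syslog: up to {hi} bit/s exceeds {max_share:.0%} of link")
    if "console" not in limits:
        findings.append("console logging is not rate-limited")
    return findings, limits
```

Running audit(SAMPLE_OK) returns no findings and reproduces the 36,000 to 40,800 bit/s estimate for a rate of 30; audit(SAMPLE_BAD) flags the out-of-range rate, the bandwidth overrun, and the missing console limit.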

