G8264 Application Guide for ENOS 8.4

Rate Limiting Behavior

Because ACL logging can be CPU-intensive, logging is rate-limited. By default, the switch logs only 10 matching packets per second. This pool is shared by all log-enabled ACLs. The global rate limit can be changed as follows:

RS G8264(config)# access-control log rate-limit <1-1000>

where the limit is specified in packets per second.

Log Interval

For each log-enabled ACL, the first packet that matches the ACL triggers an immediate message in the system log. Beyond that, additional matches are subject to the log interval. By default, the switch buffers ACL log messages for a period of 300 seconds. At the end of that interval, all messages in the buffer are written to the system log. The global interval value can be changed as follows:

RS G8264(config)# access-control log interval <5-600>

where the interval is specified in seconds.

In any given interval, packets that have identical log information are condensed into a single message. However, the packet count shown in the ACL log message represents only the logged packets, which, because of rate limiting, may be significantly fewer than the number of packets actually matched by the ACL.

ACL Logging Limitations

Also, the switch is limited to 64 different ACL log messages in any interval. Once that threshold is reached, the oldest message is discarded in favor of the new message, and an overflow message is added to the system log.

ACL logging reserves packet queue 1 for internal use. Features that allow remapping packet queues (such as CoPP) may not behave as expected if other packet flows are reconfigured to use queue 1.
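The following Python model is an added worked example, not code from the Application Guide or from ENOS. It simulates the three behaviors described above together: the shared per-second rate limit, the immediate first-match message followed by per-interval buffering with condensation of identical log information, and the 64-message cap with oldest-first eviction and an overflow notice. The defaults (10 packets/s, 300 s, 64 messages) are the page's; the sample addresses, ACL numbers and message text are constructed, and modelling the immediate message as once per ACL per interval is an assumption.

```python
from collections import OrderedDict

# Page defaults: 10 logged packets/second shared pool, 300 s interval, 64 messages.
DEFAULT_RATE_LIMIT = 10
DEFAULT_INTERVAL = 300
MAX_MESSAGES = 64


class AclLogger:
    """Model of the switch's ACL log pipeline (constructed illustration, not ENOS code)."""

    def __init__(self, rate_limit=DEFAULT_RATE_LIMIT, interval=DEFAULT_INTERVAL,
                 max_messages=MAX_MESSAGES):
        self.rate_limit = rate_limit
        self.interval = interval
        self.max_messages = max_messages
        self.syslog = []              # lines "written to the system log"
        self.matched = 0              # packets that hit a log-enabled ACL
        self.logged = 0               # packets that survived the shared rate limiter
        self.overflows = 0            # overflow messages emitted
        self._second = None           # wall-clock second of the current budget
        self._used = 0                # budget consumed in that second
        self._interval_start = 0.0
        self._buffer = OrderedDict()  # (acl, *log_info) -> condensed packet count
        self._seen = set()            # ACLs already given their immediate message

    def match(self, t, acl, log_info):
        """Packet at time t matched log-enabled ACL `acl`; log_info is the tuple of
        fields (e.g. src, dst, proto/port) that makes two messages 'identical'."""
        self.matched += 1
        if t - self._interval_start >= self.interval:
            self.flush(t)
        sec = int(t)
        if sec != self._second:
            self._second, self._used = sec, 0
        if self._used >= self.rate_limit:
            return                    # over the shared pool: dropped, never counted
        self._used += 1
        self.logged += 1
        if acl not in self._seen:     # assumption: one immediate message per ACL per interval
            self._seen.add(acl)
            self.syslog.append(f"t={t:.1f} ACL {acl} first match {log_info} count=1")
            return
        key = (acl,) + tuple(log_info)
        if key in self._buffer:
            self._buffer[key] += 1    # identical log information is condensed
            return
        if len(self._buffer) >= self.max_messages:
            oldest, _ = self._buffer.popitem(last=False)   # discard the oldest message
            self.overflows += 1
            self.syslog.append(f"t={t:.1f} ACL log overflow: discarded {oldest}")
        self._buffer[key] = 1

    def flush(self, t):
        """End of interval: write every buffered message with its condensed count."""
        for key, n in self._buffer.items():
            self.syslog.append(f"t={t:.1f} ACL {key[0]} matched {key[1:]} count={n}")
        self._buffer.clear()
        self._seen.clear()
        self._interval_start = t


def simulate_flood(pps, seconds, rate_limit=DEFAULT_RATE_LIMIT):
    """`pps` identical packets/s for `seconds` against ACL 100 (constructed flood).
    Returns (packets matched, packets logged, count shown in the interval message)."""
    lg = AclLogger(rate_limit=rate_limit)
    info = ("10.0.0.5", "192.0.2.10", "tcp/22")   # constructed sample log fields
    for s in range(seconds):
        for i in range(pps):
            lg.match(s + i / pps, "100", info)
    lg.flush(float(seconds))
    shown = lg.syslog[-1].rsplit("count=", 1)[1]
    return lg.matched, lg.logged, int(shown)


def simulate_many_sources(n_sources, rate_limit=1000):
    """n_sources distinct sources, one packet each within one second, against ACL 200.
    Returns (overflow messages emitted, distinct messages still buffered)."""
    lg = AclLogger(rate_limit=rate_limit)
    for i in range(n_sources):
        src = f"10.1.{i // 256}.{i % 256}"       # constructed source addresses
        lg.match(i / n_sources, "200", (src, "192.0.2.10", "tcp/22"))
    return lg.overflows, len(lg._buffer)


if __name__ == "__main__":
    print(simulate_flood(1000, 5))      # (5000, 50, 49): the log count hides 99% of matches
    print(simulate_many_sources(100))   # (35, 64): 35 evicted, buffer capped at 64 messages
```

Running it shows the two caveats the text makes: a 5 s flood of 5000 matching packets ends the interval with a single message reading count=49, and 100 distinct sources in one interval leave 64 messages plus 35 overflow notices. Treat an ACL log count as evidence that something matched, not as a measure of how much, and expect high-cardinality traffic to push older messages out of the buffer.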