Limiting the frequency of log messages

The purpose of rate-limiting the log messaging is to prevent the log file from becoming too full. When a move attempt (or intrusion) is logged and a message sent to the log file, message throttling is imposed on the logging of subsequent move attempts. The logging system checks move attempts to incorrect ports 5 minutes after the initial attack. If there has been a second attack within the 5 minute interval, the log file registers the most recent attempt and then checks every hour for new attempts If, after an hour, no other attempts have been made, the log resets itself and reverts to checking one time per day.

The switch can also be configured to copy the log messages to a chosen syslog server. See the management and configuration guide for your switch.