what does limit log messages 10/minute do? log ten minutes then stop or log every ten minutes?
1 Like
After reaching the default burst rate limit (which is 5), the system will log 10 packets per minute, which roughly means one packet every 6 seconds.
IMO the minimum meaningful value (if you really want to inspect the rejected traffic) is 5/sec.
1 Like
What value should I use there?
A numeric value express in minute (i.e. 5 or 10) or a keyword combination (5/sec or 5/second or 600/m)?
What keyword can I use (sec, second, min)?
The limit specifies the maximum average number of matches (packets) to allow for a given time period.
You can also use parts of the time units:
3/second is the same as 3/sec and 3/s
1 Like