Firewall Logging - Error "Maximum events per second threshold exceeded"

This article will help to provide information about the firewall log events displaying error message "maximum events per second threshold exceeded", as shown below:

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

1. Login to management interface of firewall and disable or adjust the following options under Device | Log | Syslog | Syslog Servers
   
    Enable Event Rate Limiting:
   This control allows you to enable rate limiting of events to prevent the internal or external logging mechanism from being overwhelmed by log events. Specify the maximum number of events in the Maximum Events Per Second field; the default is 1000 per second.
   
   Enable Data Rate Limiting:
   This control allows you to enable rate limiting of data to prevent the internal or external logging mechanism from being overwhelmed by log events. Specify the maximum number of bytes in the Maximum Bytes Per Second field; the default is 10000000 bytes per second.
   
   
2. How to Test:
   After adjusting or disabling the above settings, navigate back to Monitor | Logs | System Logs  to review the change and you should no longer receive those log events.
   
   

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

1. Login to management interface of firewall and disable or adjust the following options under Manage | Log Settings | Syslog | Syslog Servers
   
    Enable Event Rate Limiting:
   This control allows you to enable rate limiting of events to prevent the internal or external logging mechanism from being overwhelmed by log events. Specify the maximum number of events in the Maximum Events Per Second field; the default is 1000 per second.
   
   Enable Data Rate Limiting:
   This control allows you to enable rate limiting of data to prevent the internal or external logging mechanism from being overwhelmed by log events. Specify the maximum number of bytes in the Maximum Bytes Per Second field; the default is 10000000 bytes per second.
   
   
   
2. How to Test:
   After adjusting or disabling the above settings, navigate back to Investigate | Logs | Event Logs  to review the change and you should no longer receive those log events.

NOTE: On Gen 6 devices, you also have the option to define the rate limiting settings globally as well instead for each individual syslog server under Syslog Page.