cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
436
Views
5
Helpful
2
Replies

Can CS-MARS perform mitigation access-list on FWSM?

more_jazZz_2
Level 1
Level 1

Hi guys!

I have couple questions:

1)Can CS-MARS perform mitigation access-list on FWSM?

2)How I can estimate how many events and netflows in one second recieve my MARS box.

Thanks

2 Replies 2

mhellman
Level 7
Level 7

Don't do mitigation and don't have FWSM, so I can't answer your first question. Regarding the second...There are a couple ways, neither is perfect but give you a good approximation.

a) Use the "Events and NetFlow" graph on the summary page. Divide the peak "avg/min" values by 60.

b) collect the logs using the pnlog command in the CLI. in the janus-logs.tar.gz you will find a janus_log file. This is the same data shown in Admin->System Maintenance->View Log Files...except now you can search through it better. Use a tool like grep to pull out and sort the message rates. the last entry is your peak.

> grep "PN-2016" janus_log | cut -d" " -f7 | sort -n

Thank you for your answer, it is realy good help for me! About FWSM, I read in the config guides, MARS can perfom mitigation only on Layer 2 device, for FWSM MARS may only suggest shun commands, but not perform mitigation commands.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: