Can CS-MARS perform mitigation access-list on FWSM?

Unanswered Question
Feb 24th, 2008

Hi guys!

I have couple questions:

1)Can CS-MARS perform mitigation access-list on FWSM?

2)How I can estimate how many events and netflows in one second recieve my MARS box.

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mhellman Tue, 02/26/2008 - 07:55

Don't do mitigation and don't have FWSM, so I can't answer your first question. Regarding the second...There are a couple ways, neither is perfect but give you a good approximation.

a) Use the "Events and NetFlow" graph on the summary page. Divide the peak "avg/min" values by 60.

b) collect the logs using the pnlog command in the CLI. in the janus-logs.tar.gz you will find a janus_log file. This is the same data shown in Admin->System Maintenance->View Log Files...except now you can search through it better. Use a tool like grep to pull out and sort the message rates. the last entry is your peak.

> grep "PN-2016" janus_log | cut -d" " -f7 | sort -n

more_jazZz_2 Tue, 02/26/2008 - 20:03

Thank you for your answer, it is realy good help for me! About FWSM, I read in the config guides, MARS can perfom mitigation only on Layer 2 device, for FWSM MARS may only suggest shun commands, but not perform mitigation commands.

Actions

This Discussion