Cisco Works 3.2 RME 4.3.1 - Botnet Traffic Filter

Unanswered Question
Jul 9th, 2010

Hi there

I have an ASA running the Botnet Traffic Filter. The ASA is configured to send notification syslog messages to Cisco Works RME. I can see that most syslog messages are being sent to RME; however, when I run a report to filter on the botnet black listed syslog messages (338001 - 338004), these syslog events don't appear in the RME report. When I use the Real-Time Log Viewer on the ASA, I can see these syslog messages are being generated.

Anyone any ideas?

Cheers

Tim

Joe Clarke Sat, 07/10/2010 - 14:23

Are any syslog messages from the ASA being processed (i.e. do any messages show up in the RME Standard Report for this device)?  Post a screenshot of RME > Tools > Syslog > Message Filters.

Tim Davies Mon, 07/12/2010 - 04:33

I have found a workaround: the issue is when logging in EMBLEM format from the ASA. I have disabled this and the Botnet Filter syslog messages now show up in RME.

Joe Clarke Mon, 07/12/2010 - 11:01

Are you sure you don't mean the opposite?  RME wants EMBLEM formatted messages.  What do the messages look like now?
