07-09-2010 03:18 AM
Hi there
I have an ASA running the Botnet Traffic Filter, the ASA is configured to send notification syslog messages to Cisco Works RME, I can see that most syslog messages are being sent to RME however when I run a report to fillter on the botnet black listed syslog messages (338001 - 338004) these syslog events don't apear in the RME report. When I use the Real-Time Log Viewer on the ASA I can see these syslog messages are being generated.
Anyone any ideas?
Cheers
Tim
07-10-2010 02:23 PM
Are any syslog messages from the ASA being processed (i.e. do any messages show up in the RME Standard Report for this device)? Post a screenshot of RME > Tools > Syslog > Message Filters.
07-12-2010 03:32 AM
07-12-2010 04:33 AM
I have found a work around, the issue is when logging in EMBLEM format from the ASA. I have disabled this and the Botnet Filter syslog messages now show up in RME.
07-12-2010 11:01 AM
Are you sure you don't mean the opposite? RME wants EMBLEM formatted messages. What do the messages look like now?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide