Cisco Works 3.2 RME 4.3.1 - Botnet Traffic Filter

Tim Davies
Level 1

Hi there

I have an ASA running the Botnet Traffic Filter. The ASA is configured to send notification syslog messages to Cisco Works RME. I can see that most syslog messages are being sent to RME; however, when I run a report to filter on the botnet blacklisted syslog messages (338001 - 338004), these syslog events don't appear in the RME report. When I use the Real-Time Log Viewer on the ASA I can see these syslog messages are being generated.

Anyone any ideas?

Cheers

Tim

4 Replies

Joe Clarke
Cisco Employee

Are any syslog messages from the ASA being processed (i.e. do any messages show up in the RME Standard Report for this device)?  Post a screenshot of RME > Tools > Syslog > Message Filters.

Thanks for the reply, I have run a standard report and messages up to level 5 (Notifications) are shown.

I have attached the requested screenshot.

Thanks

Tim

I have found a workaround; the issue is when logging in EMBLEM format from the ASA. I have disabled this and the Botnet Filter syslog messages now show up in RME.

Are you sure you don't mean the opposite?  RME wants EMBLEM formatted messages.  What do the messages look like now?
