×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

CSA RULE SET TO NOT LOG BUT STILL SHOWING UP

Unanswered Question
Nov 3rd, 2005
User Badges:

I HAVE A CSA RULE FOR ICMP TO DENY "pre V4.5 description: Detect network scans and SYN flood attacks" MY RULE NUMBER 940 WHICH I BELIEVE DOESN'T MEAN ANYTHING SPECIFIC.


WHEN I SET IT TO DENY AND NOT LOG. I AM STILL RECEIVING SERVAL MESSAGES PER MINUTE.


ANY THOUGHTS


THANKS IN ADVANCE

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gfullage Thu, 11/03/2005 - 19:41
User Badges:
  • Cisco Employee,

Is the group in test mode? In test mode rules under that group will always log, regardless of the setting. The theory is that if you're testing something you want to see it logging, and when you later take it out of test mode the logging will be off as you have set.

dclewis Mon, 11/07/2005 - 11:17
User Badges:

These are servers that are out of test mode.

Actions

This Discussion