Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
272
Views
0
Helpful
2
Replies

CSA RULE SET TO NOT LOG BUT STILL SHOWING UP

dclewis
Level 1
Level 1

‎11-03-2005 10:27 AM - edited ‎03-09-2019 12:55 PM

I HAVE A CSA RULE FOR ICMP TO DENY "pre V4.5 description: Detect network scans and SYN flood attacks" MY RULE NUMBER 940 WHICH I BELIEVE DOESN'T MEAN ANYTHING SPECIFIC.

WHEN I SET IT TO DENY AND NOT LOG. I AM STILL RECEIVING SERVAL MESSAGES PER MINUTE.

ANY THOUGHTS

THANKS IN ADVANCE

Labels:
0 Helpful
2 Replies 2

gfullage
Cisco Employee
Cisco Employee

‎11-03-2005 07:41 PM

Is the group in test mode? In test mode rules under that group will always log, regardless of the setting. The theory is that if you're testing something you want to see it logging, and when you later take it out of test mode the logging will be off as you have set.

0 Helpful

dclewis
Level 1
Level 1
In response to gfullage

‎11-07-2005 11:17 AM

These are servers that are out of test mode.

0 Helpful
Customers Also Viewed These Support Documents