12-06-2006 08:00 AM
Hi everyone,
regarding DOS attack traps generated from CSS,
is there way to put more info in the message,
like source IP of attacker that caused the trap ?
I can see some source IPs in "sh dos" output,
but it hard to find the latest events/IP in the output
Currently I am getting just number of SYNs and time stamp in the trap
regards,
Alex
12-13-2006 07:36 AM
This URL should help you:
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_500/reln5b20.htm#xtocid5
12-13-2006 08:03 AM
set the flowmgr logging level to debug and you should see something like this in the log :
13 DEC 11:45:43 3/1 18 FLOWMGR-7:
DoS SYN attack: 20.20.20.20:4000->192.168.20.222:81
synCnt: 1, initSeq: 776425626
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide