Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
410
Views
0
Helpful
2
Replies

DOS traps from CSS - can we see source IP in trap ?

a.gesse
Level 1
Level 1

‎12-06-2006 08:00 AM

Hi everyone,

regarding DOS attack traps generated from CSS,

is there way to put more info in the message,

like source IP of attacker that caused the trap ?

I can see some source IPs in "sh dos" output,

but it hard to find the latest events/IP in the output

Currently I am getting just number of SYNs and time stamp in the trap

regards,

Alex

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎12-13-2006 08:03 AM

set the flowmgr logging level to debug and you should see something like this in the log :

13 DEC 11:45:43 3/1 18 FLOWMGR-7:

DoS SYN attack: 20.20.20.20:4000->192.168.20.222:81

synCnt: 1, initSeq: 776425626

Gilles.

0 Helpful
Customers Also Viewed These Support Documents