Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Works 3.2 RME 4.3.1 - Botnet Traffic Filter

Hi there

I have an ASA running the Botnet Traffic Filter, the ASA is configured to send notification syslog messages to Cisco Works RME, I can see that most syslog messages are being sent to RME however when I run a report to fillter on the botnet black listed syslog messages (338001 - 338004) these syslog events don't apear in the RME report. When I use the Real-Time Log Viewer on the ASA I can see these syslog messages are being generated.

Anyone any ideas?

Cheers

Tim

4 REPLIES
Cisco Employee

Re: Cisco Works 3.2 RME 4.3.1 - Botnet Traffic Filter

Are any syslog messages from the ASA being processed (i.e. do any messages show up in the RME Standard Report for this device)?  Post a screenshot of RME > Tools > Syslog > Message Filters.

New Member

Re: Cisco Works 3.2 RME 4.3.1 - Botnet Traffic Filter

Thanks for the reply, I have run a standard report and messages up to level 5 (Notifications) are shown.

I have attached the requested screen shot.

Thanks

Tim

New Member

Re: Cisco Works 3.2 RME 4.3.1 - Botnet Traffic Filter

I have found a work around, the issue is when logging in EMBLEM format from the ASA. I have disabled this and the Botnet Filter syslog messages now show up in RME.

Cisco Employee

Re: Cisco Works 3.2 RME 4.3.1 - Botnet Traffic Filter

Are you sure you don't mean the opposite?  RME wants EMBLEM formatted messages.  What do the messages look like now?

229
Views
0
Helpful
4
Replies