Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSA RULE SET TO NOT LOG BUT STILL SHOWING UP

I HAVE A CSA RULE FOR ICMP TO DENY "pre V4.5 description: Detect network scans and SYN flood attacks" MY RULE NUMBER 940 WHICH I BELIEVE DOESN'T MEAN ANYTHING SPECIFIC.

WHEN I SET IT TO DENY AND NOT LOG. I AM STILL RECEIVING SERVAL MESSAGES PER MINUTE.

ANY THOUGHTS

THANKS IN ADVANCE

2 REPLIES
Cisco Employee

Re: CSA RULE SET TO NOT LOG BUT STILL SHOWING UP

Is the group in test mode? In test mode rules under that group will always log, regardless of the setting. The theory is that if you're testing something you want to see it logging, and when you later take it out of test mode the logging will be off as you have set.

Community Member

Re: CSA RULE SET TO NOT LOG BUT STILL SHOWING UP

These are servers that are out of test mode.

84
Views
0
Helpful
2
Replies
CreatePlease to create content