Not with a drop rule. Modify the inspection rule that is firing (if it's a default system rule, you'll have to copy it, disable the original, and modify the copied version). Find the offset that is matching and modify it as necessary.
Your solution seems to be what I am looking for. Unfortunately I cannot seem to locate any decent documentation on changing the current rule to filter out a syslog containing a specific keyword from a specific device. If it's not too much to ask, can you point me to some docs (either online or purchased) that can assist me in editing the rule?
hmmm...I think that's going to be a challenge and not likely found in a book or other documentation. If you add a "!= switch a" in the device column for an offset, the offset will not match on any events from that device regardless of the keyword criteria.
If the device name is not in the raw message, I don't see any way around that. Assuming a very basic rule with a single offset...
I think you'll have to modify the original offset with a "!= switch a" in device column. Then add an offset which specifically matches on that device and uses a keyword to filter out the specific port indicated in the raw message.
There's a trick to that too, because you can't just have a "!=" keyword. You have to first match on something and then add a "NOT" keyword which indicates the port.
Hopefully that will get you started at least. It can get really messy with multiple offsets because you'll have to figure out where to add the offset and may even have to add multiple offsets and in the right place.