Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

MARS reports. Display any packet denied during last hour

Hello.

How can I display any packet denied due to security policy. I can run a query, but then I only get the total amount of session not the actual session. If I use a rule and incident I can see all the denied hosts but with several different incident id's over the last hour.. any ideas?

1 REPLY
Gold

Re: MARS reports. Display any packet denied during last hour

If you mean you just want to see the relevant packet details (ip addresses, ports, protocol) then try this:

query result type = "all matching events"

Events = "deny packet due to security policy"

127
Views
0
Helpful
1
Replies
CreatePlease to create content