Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

sig 993 Missed packet count

We have a sensor that is reporting "Missed packet count" events. Can someone please post an explaination of this event? It does not seem to be on the Cisco web site or in the NSDB

2 REPLIES
New Member

Re: sig 993 Missed packet count

I had read it from "Catalyst 6000 Family Intrusion Detection System Module Installation and Configuration Note Version 3.0" on Cisco web.

It says:

Alarm 993, the missed packet alarm, tells you if you are dropping packets and the percentage dropped

to help you tune the traffic level you are sending to the IDSM. If you have zero or a small percentage of

dropped packets, the missed packet alarm is telling you that the IDSM is able to monitor the quantity of

traffic being sent. For example, if you see that 10 percent of the packets are getting dropped, you could

be missing the same percentage of alarms.

New Member

Re: sig 993 Missed packet count

We have the same problem with a sensor. If I temporally remove the exclusion statements:

"RecordOfExcludedPattern * * ...."

the drop rate goes down to near zero. This is working for RecordOfExcludedPattern for all signatures and subsignatures only. Even two of those statements does increase the drop rate up to 20 percent ! Unfortunally we need these statements.

Anybody here with the same experience ???

168
Views
0
Helpful
2
Replies
CreatePlease login to create content