Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
406
Views
0
Helpful
2
Replies

sig 993 Missed packet count

dmarchelle
Level 1
Level 1

‎09-13-2002 06:04 AM - edited ‎03-09-2019 12:18 AM

We have a sensor that is reporting "Missed packet count" events. Can someone please post an explaination of this event? It does not seem to be on the Cisco web site or in the NSDB

Labels:
0 Helpful
2 Replies 2

jason_tsai
Level 1
Level 1

‎09-13-2002 07:00 AM

I had read it from "Catalyst 6000 Family Intrusion Detection System Module Installation and Configuration Note Version 3.0" on Cisco web.

It says:

Alarm 993, the missed packet alarm, tells you if you are dropping packets and the percentage dropped

to help you tune the traffic level you are sending to the IDSM. If you have zero or a small percentage of

dropped packets, the missed packet alarm is telling you that the IDSM is able to monitor the quantity of

traffic being sent. For example, if you see that 10 percent of the packets are getting dropped, you could

be missing the same percentage of alarms.

0 Helpful

pheuch
Level 1
Level 1
In response to jason_tsai

‎09-23-2002 07:33 AM

We have the same problem with a sensor. If I temporally remove the exclusion statements:

"RecordOfExcludedPattern * * ...."

the drop rate goes down to near zero. This is working for RecordOfExcludedPattern for all signatures and subsignatures only. Even two of those statements does increase the drop rate up to 20 percent ! Unfortunally we need these statements.

Anybody here with the same experience ???

0 Helpful
Customers Also Viewed These Support Documents