https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4800822#M1098969 <P>TAC raised the severity for the issue about not beeing able to rate limit those syslog IDs and just replied and told be that this should be fixed in version 7.4, which will most likely will be released in April. The issue is not only with those specific IDs, but rather for all syslog IDs over <SPAN>805003 (I</SPAN>n the range&nbsp;<SPAN>805003 -&nbsp;8300006)&nbsp;</SPAN></P> <P>&nbsp;<A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe68840" target="_self">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe68840</A>&nbsp;&nbsp;</P> <P>/Chess</P> Fri, 24 Mar 2023 12:29:36 GMT Chess Norris 2023-03-24T12:29:36Z https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4760033#M1097081 <P>Hello,</P> <P>I recently observed our FTD is getting flooded with&nbsp; lots of Syslog ID 852001 &amp; 852002 messages.</P> <P>It basically hundreds of those messages every minute (example below)</P> <P>Jan 23 2023 02:51:59: %FTD-6-852002: Received Full Proxy to Lightweight event from application Snort for TCP flow 10.199.254.162/27607 to 10.10.1.94/47873<BR />Jan 23 2023 02:51:59: %FTD-6-852001: Received Lightweight to full proxy event from application Snort for TCP flow 10.14.38.1/27789 to 10.20.8.146/8726<BR />Jan 23 2023 02:51:59: %FTD-6-852002: Received Full Proxy to Lightweight event from application Snort for TCP flow 10.14.38.1/27789 to 10.20.8.146/8726<BR />Jan 23 2023 02:52:04: %FTD-6-852001: Received Lightweight to full proxy event from application Snort for TCP flow 10.14.38.1/34260 to 10.10.1.101/8726<BR /><BR /></P> <P>I've read the explanation here</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs10.html#id_122205" target="_self">https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide/syslogs10.html#id_122205</A>&nbsp;</P> <P>but it's a bit vague and we dont have any SSL policys and I just started to noticed those messages recently.</P> <P><BR />Does anyone have an idea on what might trigger those messages?</P> <P><BR />There is also not possible to filter out those specifik syslog ID's due to a bug, which makes it even more frustrating</P> <P><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx37329" target="_self">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx37329</A>&nbsp;</P> <P>Thanks</P> <P>/Chess</P> <P>&nbsp;</P> Mon, 23 Jan 2023 14:39:31 GMT https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4760033#M1097081 Chess Norris 2023-01-23T14:39:31Z https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4760046#M1097084 <P>I haven't come across it but, given the BugID you cited, I'd encourage you to open a TAC case.</P> <P>Work on ENH (enhancement) bugs gets prioritized that way.</P> Mon, 23 Jan 2023 15:02:01 GMT https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4760046#M1097084 Marvin Rhoads 2023-01-23T15:02:01Z https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4761805#M1097162 <P>Thanks. I'll open a case with TAC and see what they say.</P> <P>/Chess</P> Wed, 25 Jan 2023 07:33:55 GMT https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4761805#M1097162 Chess Norris 2023-01-25T07:33:55Z https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4762053#M1097174 <P>I will check this Syslog message today.</P> Wed, 25 Jan 2023 13:08:23 GMT https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4762053#M1097174 MHM Cisco World 2023-01-25T13:08:23Z https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4800822#M1098969 <P>TAC raised the severity for the issue about not beeing able to rate limit those syslog IDs and just replied and told be that this should be fixed in version 7.4, which will most likely will be released in April. The issue is not only with those specific IDs, but rather for all syslog IDs over <SPAN>805003 (I</SPAN>n the range&nbsp;<SPAN>805003 -&nbsp;8300006)&nbsp;</SPAN></P> <P>&nbsp;<A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe68840" target="_self">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe68840</A>&nbsp;&nbsp;</P> <P>/Chess</P> Fri, 24 Mar 2023 12:29:36 GMT https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4800822#M1098969 Chess Norris 2023-03-24T12:29:36Z https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4800826#M1098970 <P>Thanks alot for your update&nbsp;</P> Fri, 24 Mar 2023 12:26:05 GMT https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4800826#M1098970 MHM Cisco World 2023-03-24T12:26:05Z https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4864385#M1102117 <P>Thank you for this - hope this gets fixed in 7.4.</P> Thu, 29 Jun 2023 06:50:56 GMT https://community.cisco.com/t5/network-security/syslog-id-852001-amp-852002/m-p/4864385#M1102117 adamgerber 2023-06-29T06:50:56Z