Attack to interface outside ASA 5510

wilmerreyes — Mon, 11 Mar 2019 12:24:11 GMT

Hi, We are to pain very attack of DoS.

We want to know:

1. If we can see in the ASA which IP's and the percentage of total bandwidth usage in real time

2. or a software of Cisco or third to this.

Thanks

Re: Attack to interface outside ASA 5510

abinjola — Sat, 29 Mar 2008 01:08:49 GMT

Also about the bandwidth utilisation unfortunately that cant be found out on Pix/ASA

It is not possible to check with the bandwidth using syslogs at all. However, if the

bandwidth drops to 0 the Pix/ASA would report an error in syslog with the ID: 613002 and for

this you need to enable logging to level 6 (informational).

However, on PDM, it would show the system resources as well as the traffic passing

through the Pix/ASA.

I do understand that it is difficult to interpret the the output of syslogs as it always

would be huge and a bit confusing but there is no way out and just to copy them on a

notepad/wordpad and with the help of search can check with any ip address or any other

string. However, you can use some 3rd party softwares and refine the search based on ip

addresses or any other paramenters which are predifined on the softwares and it would

return you a clean output of the thing you are looking for. Below are the two links for

two different softwares.

For this kind of reporting, you will need to

have a software with reporting capability. The following are options for

you:

Cisco Products:

CS-MARS -

00804f1622.html

Monitoring Center for Performance (MCP)

186a00801d2f47.shtml

Some other third party products:

Network Intelligence Engine from Network Intelligence

Network Security Analyzer and FirewallAnalyzer Enterprise from eIQnetworks

Sawmill Log Analyzer from FlowerFire

These are just some to name. You can do a search on Google for other

applications.