
Cisco SG350 switch - No syslog messages found



I have configured the commands below on a Cisco SG350 switch for DoS prevention, but after getting a SYN attack on the switch ports I am not getting syslog messages like the ones below:


01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1


01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi1. TCP SYN
traffic destined to the local system is automatically blocked for 100


The above logs are not found. Also, when I check the show commands, they do not show SYN-blocked ports either:


DOS#show security-suite syn protection
Protection Mode: Block
Threshold: 80
Recovery: 60

Interface   Operational   Last Attack
Name        Status
----------- ------------- ---------------------------------------------



The attacked port is not showing.


Below are the commands I configured for DoS prevention:



DOS(config)#security-suite enable

DOS(config)#security-suite dos protection mode block


DOS(config)#interface range GigabitEthernet1 - 48

DOS(config-if-range)#switchport mode access

DOS(config-if-range)#switchport access vlan 3

DOS(config-if-range)#security-suite syn protection mode Block

DOS(config-if-range)#security-suite dos syn-attack 199 any


How do I get the logs showing that my port was attacked by SYN?


Please share the commands with me.





Yasmeen Shaul Hameed.



Hi Balaji

I have enabled the options mentioned in the above link, but I am not seeing the type of notification below after a SYN attack on a switch port:


switchxxxxxx# show security-suite syn protection
Protection Mode: Block
Threshold: 40 Packets Per Second
Period: 100 Seconds
Interface Name                                  Current Status                                     Last Attack


No blocked port is showing under Interface Name, Current Status and Last Attack.


But my switch port was attacked by a SYN flood.


Nothing is showing in the output of the show security-suite syn protection command.



Do you see any attacks after you enabled it? Maybe after that you did not have any SYN attacks, so nothing was showing. Try using a test device to simulate an attack on the interface; can you see the logs then?




Yes, I ran the command below to test a SYN attack on one switch port:


hping3 -c 10000 -d 128 -S -w 64 -p 8000 --flood --rand-source


After running this command we didn't see any syslog messages for that particular port.


switchxxxxxx# show security-suite syn protection
Protection Mode: Block
Threshold: 40 Packets Per Second
Period: 100 Seconds
Interface Name                                  Current Status                                     Last Attack


The interface is blank, with no information, when I run the show commands.