Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
496
Views
0
Helpful
3
Replies

6500 IDSM-2 SigID 994/995

stevew
Level 1
Level 1

‎03-29-2005 11:58 AM - edited ‎03-10-2019 01:21 AM

I'm getting constant 994/995 flow Starts/Stops. Approximatley every 30seconds. Can't find docs on how to correct this or where to look.

Labels:
0 Helpful
3 Replies 3

mkodali
Cisco Employee
Cisco Employee

‎03-29-2005 02:30 PM

This is not an error condition on the part of Sensor to be corrected. These sigs are generated everytime the sniffing interface nic detects a packet after an interval of no activity or when it does not detect any packet till some time. If you don't want to see those alerts, you can disable those sigs, which I hope you know how to.

0 Helpful

a.arndt
Level 3
Level 3
In response to mkodali

‎03-30-2005 06:04 AM

They have their utility though. If you're using a 3rd party SIMS with a RDEP client, these messages can be used to keep tabs on the sensor.

Consider them a 'hearbeat', especially if your sensor is highly tuned and alerts are rare.

That being said, they are otherwise generally expendable...

Alex Arndt

0 Helpful

stevew
Level 1
Level 1
In response to mkodali

‎03-30-2005 06:30 AM

Thanks. From the cisco docs it made it sound like a sensor error. I've already disabled them.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card