We want to analyze syslog messages for Distributed Denial of Service (DDoS) attacks. Only DoS attack-related message IDs are in the syslog message guide.
Please suggest the message IDs for DDoS.
DoS and DDoS will essentially have the same syslog message ID; DDoS just refers to how the DoS attack is executed.
Agree, Marius! But I'm looking for specific DDoS message IDs, and in the message description it should say it is for DDoS attacks only.
As far as I know the ASA does not provide any logs that specifically state DDoS. If you want this you will need to invest in an IPS and look for matches on signature ID 1493/0.