
Cisco ASA Syslog message ID for Distributed Denial of Service (DDoS)

shalendra2
Beginner

Hi Team,

We want to analyze syslog messages for a Distributed Denial of Service (DDoS) attack. Only DoS attack-related message IDs are in the Syslog message guide.

Please suggest the message IDs for DDoS.

-Shalendra

3 Replies

DoS and DDoS will essentially have the same syslog message ID, DDoS just refers to how the DoS attack is executed.

--
Please remember to select a correct answer and rate helpful posts

Agree, Marius! But I'm looking for specific DDoS message IDs, and the message description should say it is for a DDoS attack only.

-Shalendra

As far as I know the ASA does not provide any logs that specifically state DDoS. If you want this you will need to invest in an IPS and look for matches on signature ID 1493/0.

--
Please remember to select a correct answer and rate helpful posts
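
Added example, not part of the thread or of any Cisco tooling: since the replies say DoS and DDoS share the same message IDs, one way to tell them apart is to count distinct source addresses per target across the DoS-related messages. It assumes message 201011 (connection limit exceeded) in the layout given in Cisco's syslog guide, since the thread names no message IDs; the log lines and thresholds are constructed.

```python
import re
from collections import defaultdict

# Assumed layout of ASA message 201011; the thread itself names no message IDs.
MSG_201011 = re.compile(
    r"%ASA-3-201011: Connection limit exceeded \d+/\d+ for (?:input|output) packet "
    r"from (?P<src>[\d.]+)/\d+ to (?P<dst>[\d.]+)/\d+ on interface \S+"
)

# Constructed sample lines using documentation address ranges, not captured traffic.
_P = "Mar 03 10:15:0{} asa1 %ASA-3-201011: Connection limit exceeded 1000/1000 for input packet "
SAMPLE_LOG = "\n".join([
    _P.format(1) + "from 198.51.100.10/40001 to 192.0.2.80/443 on interface outside",
    _P.format(1) + "from 203.0.113.7/51514 to 192.0.2.80/443 on interface outside",
    _P.format(2) + "from 198.51.100.77/33210 to 192.0.2.80/443 on interface outside",
    _P.format(2) + "from 203.0.113.200/61000 to 192.0.2.80/443 on interface outside",
    _P.format(3) + "from 203.0.113.50/40100 to 192.0.2.25/25 on interface outside",
    _P.format(3) + "from 203.0.113.50/40101 to 192.0.2.25/25 on interface outside",
    _P.format(4) + "from 203.0.113.50/40102 to 192.0.2.25/25 on interface outside",
    _P.format(5) + "from 198.51.100.9/40200 to 192.0.2.99/80 on interface outside",
    "Mar 03 10:15:06 asa1 %ASA-6-302013: Built inbound TCP connection 101 (unrelated line)",
])


def classify(lines, min_events=3, distributed_sources=3):
    """Group connection-limit events by target and label each by source spread.

    Returns {target_ip: (label, event_count, distinct_source_count)}.
    Targets with fewer than min_events matching lines are treated as noise.
    """
    sources = defaultdict(set)
    events = defaultdict(int)
    for line in lines:
        m = MSG_201011.search(line)
        if not m:
            continue  # not a DoS-related message we track
        sources[m["dst"]].add(m["src"])
        events[m["dst"]] += 1
    report = {}
    for dst, count in events.items():
        if count < min_events:
            continue
        spread = len(sources[dst])
        label = "distributed" if spread >= distributed_sources else "single-source"
        report[dst] = (label, count, spread)
    return report


if __name__ == "__main__":
    for target, verdict in classify(SAMPLE_LOG.splitlines()).items():
        print(target, verdict)
```

The thresholds are illustrative; spoofed source addresses inflate the distinct-source count, so treat the label as a triage hint.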