02-24-2008 05:43 AM - edited 02-20-2020 09:40 PM
Hi guys!
I have couple questions:
1)Can CS-MARS perform mitigation access-list on FWSM?
2)How I can estimate how many events and netflows in one second recieve my MARS box.
Thanks
02-26-2008 07:55 AM
Don't do mitigation and don't have FWSM, so I can't answer your first question. Regarding the second...There are a couple ways, neither is perfect but give you a good approximation.
a) Use the "Events and NetFlow" graph on the summary page. Divide the peak "avg/min" values by 60.
b) collect the logs using the pnlog command in the CLI. in the janus-logs.tar.gz you will find a janus_log file. This is the same data shown in Admin->System Maintenance->View Log Files...except now you can search through it better. Use a tool like grep to pull out and sort the message rates. the last entry is your peak.
> grep "PN-2016" janus_log | cut -d" " -f7 | sort -n
02-26-2008 08:03 PM
Thank you for your answer, it is realy good help for me! About FWSM, I read in the config guides, MARS can perfom mitigation only on Layer 2 device, for FWSM MARS may only suggest shun commands, but not perform mitigation commands.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide