09-13-2002 06:04 AM - edited 03-09-2019 12:18 AM
We have a sensor that is reporting "Missed packet count" events. Can someone please post an explaination of this event? It does not seem to be on the Cisco web site or in the NSDB
09-13-2002 07:00 AM
I had read it from "Catalyst 6000 Family Intrusion Detection System Module Installation and Configuration Note Version 3.0" on Cisco web.
It says:
Alarm 993, the missed packet alarm, tells you if you are dropping packets and the percentage dropped
to help you tune the traffic level you are sending to the IDSM. If you have zero or a small percentage of
dropped packets, the missed packet alarm is telling you that the IDSM is able to monitor the quantity of
traffic being sent. For example, if you see that 10 percent of the packets are getting dropped, you could
be missing the same percentage of alarms.
09-23-2002 07:33 AM
We have the same problem with a sensor. If I temporally remove the exclusion statements:
"RecordOfExcludedPattern * * ...."
the drop rate goes down to near zero. This is working for RecordOfExcludedPattern for all signatures and subsignatures only. Even two of those statements does increase the drop rate up to 20 percent ! Unfortunally we need these statements.
Anybody here with the same experience ???
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide