Re: Logs in SCE8000

Jaime Soto Valenzuela · ‎05-16-2011

Hi,

What means this logs that I could see in the SCE8000?.

2011-05-13 10:34:14 | INFO | CPU #000 | trap:line attack log is full phyIndex: 1 type: 5 severity: 3

2011-05-13 10:34:14 | INFO | CPU #000 | trap:line attack log is not full phyIndex: 1 type: 5 severity: 3

Thanks,

Jaime.

Shelley Bhalla · ‎05-16-2011

Below message in the log represents "line-attack log is full" trap.

SCE8000#>show logger device Line-Attack-File-Log Device
Line-Attack-File-Log status: Enabled Device Line-Attack-File-Log file size: 1000000

When the size of the line-Attack-File log exceed the max file size (as mentioned in the above CLI response), it will generate the below log
message. It is the time the line attack log wraps.

The log contains information about when the attack is started and ended,the source and destination address, port, protocol, the direction of the
traffic, flows etc of the attack. The log is interpreted as lin-atck.csv when support file is generated.

Jaime Soto Valenzuela · ‎05-16-2011

Thanks Shelley, I understand.

But still I have a question. That log is of concern or just information, what may have happened to exceeding the size of the line-Attack-File?

Shelley Bhalla · ‎05-16-2011

do a show logger device Line-Attack-File-Log counters and see if there are a great number of Error or Fatal counters.

It is not a major concern overall as this file grows with time. It can be cleared by using the command : clear logger device line-attack-file-log. If the errors shows up again the next few days, there is some repeated attack attempts that you should investigate. Generating a support file which will get the logs and can be reviewed by a Cisco TAC engineer.

Regards

Shelley.