05-16-2011 06:54 AM - edited 03-01-2019 02:26 PM
Hi,
What do these logs that I could see in the SCE8000 mean?
2011-05-13 10:34:14 | INFO | CPU #000 | trap:line attack log is full phyIndex: 1 type: 5 severity: 3
2011-05-13 10:34:14 | INFO | CPU #000 | trap:line attack log is not full phyIndex: 1 type: 5 severity: 3
Thanks,
Jaime.
05-16-2011 10:11 AM
The below message in the log represents the "line-attack log is full" trap.
SCE8000#>show logger device Line-Attack-File-Log
Device Line-Attack-File-Log status: Enabled
Device Line-Attack-File-Log file size: 1000000
When the size of the line-Attack-File log exceeds the max file size (as mentioned in the above CLI response), it will generate the below log message. It is the time the line attack log wraps.
The log contains information about when the attack started and ended, the source and destination address, port, protocol, the direction of the traffic, flows, etc. of the attack. The log is interpreted as lin-atck.csv when a support file is generated.
05-16-2011 12:03 PM
Thanks Shelley, I understand.
But I still have a question. Is that log of concern or just information? What may have happened to exceed the size of the line-Attack-File?
05-16-2011 12:36 PM
Do a show logger device Line-Attack-File-Log counters and see if there are a great number of Error or Fatal counters.
It is not a major concern overall, as this file grows with time. It can be cleared by using the command: clear logger device line-attack-file-log. If the errors show up again in the next few days, there are some repeated attack attempts that you should investigate. Generate a support file, which will get the logs and can be reviewed by a Cisco TAC engineer.
Regards
Shelley.
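The last reply says to investigate if the trap shows up again over the next few days. As an added example (not part of the thread and not Cisco code), this Python script parses trap lines in the format quoted in the first post and flags any phyIndex whose line-attack log filled on more than one day within a window. The 3-day default window, the function names and every sample line after the first two are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format taken from the two log lines quoted in the first post.
TRAP_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| \w+ \| CPU #\d+ \| "
    r"trap:line attack log is (?P<state>not full|full) "
    r"phyIndex: (?P<phy>\d+) type: \d+ severity: \d+\s*$"
)

def parse_traps(lines):
    """Yield (timestamp, state, phyIndex) for each line-attack-log trap line."""
    for line in lines:
        m = TRAP_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["state"], int(m["phy"])

def wraps_per_day(lines):
    """Count 'log is full' traps per (date, phyIndex); 'not full' lines are skipped."""
    counts = defaultdict(int)
    for ts, state, phy in parse_traps(lines):
        if state == "full":
            counts[(ts.date(), phy)] += 1
    return dict(counts)

def recurring_wraps(lines, window_days=3):
    """Return phyIndex values whose log filled on two different days within the window."""
    days = defaultdict(set)
    for day, phy in wraps_per_day(lines):
        days[phy].add(day)
    return sorted(
        phy for phy, ds in days.items()
        if any(b - a <= timedelta(days=window_days)
               for a, b in zip(sorted(ds), sorted(ds)[1:]))
    )

# Constructed sample: the first two lines are from the thread, the rest are made up.
SAMPLE = [
    "2011-05-13 10:34:14 | INFO | CPU #000 | trap:line attack log is full phyIndex: 1 type: 5 severity: 3",
    "2011-05-13 10:34:14 | INFO | CPU #000 | trap:line attack log is not full phyIndex: 1 type: 5 severity: 3",
    "2011-05-15 08:01:02 | INFO | CPU #000 | trap:line attack log is full phyIndex: 1 type: 5 severity: 3",
    "2011-05-15 08:01:02 | INFO | CPU #000 | trap:line attack log is not full phyIndex: 1 type: 5 severity: 3",
    "2011-05-15 09:00:00 | INFO | CPU #000 | unrelated message",
    "2011-05-20 12:00:00 | INFO | CPU #000 | trap:line attack log is full phyIndex: 2 type: 5 severity: 3",
]
```

Calling recurring_wraps(SAMPLE) returns the phyIndex values worth a closer look; the lines to feed it would come from the device's user log.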