Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
796
Views
0
Helpful
0
Replies

Verify Unified Logging for Security Connection Events

whistleblower14
Level 1
Level 1

‎03-11-2022 01:35 AM - edited ‎03-11-2022 01:37 AM

Hi all,

I`m currently trying to deal more intensively with the ZBFW-Unified Security Policy and the possible Unified Logging of the UTD features!

https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/m-firewall-17.html#Cisco_Concept.dita_c72d66dc-c900-4032-b4dd-110e7d3745bb

Using the Command "show flow monitor sdwan_flow_monitor cache" on the cEdge CLI there`s a lot of interessting output I can see, but unfortunatly I´m not able to understand many of the parameters

Does anyone of you perhaps have more information on how these parameters can be interpreted exactly? Among other things, I`d be interested in what the highlited "drop cause id" says for example...

IP PROTOCOL: 6
tcp flags: 0x1E
counter bytes long: 852
counter packets long: 8
flow end reason: Not determined
interface overlay session id input: 0
interface overlay session id output: 0
connection connection id long: 0x000000000004F661
drop cause id: 407
counter bytes drop long: 163
counter packets drop long: 4
ulogging fw zp id: 8
ulogging fw zone id array: 4 5 
ulogging fw class id: 13881665
ulogging fw policy id: 5750832
ulogging fw proto id: 72
ulogging fw action: 2
ulogging fw source port translated: 5733
ulogging fw destination port translated: 443
ulogging utd ips pri: 0
ulogging utd ips sid: 0
ulogging utd ips gid: 0
ulogging utd ips cid: 0
ulogging utd urlf url hash: 00000000000000000000000000000000
ulogging utd urlf url category: 0
ulogging utd urlf url reputation: 0
ulogging utd urlf application name: 
ulogging utd amp dispos: 0
ulogging utd amp filename hash: 00000000000000000000000000000000
ulogging utd amp file type: 0
ulogging utd amp file hash: 0000000000000000000000000000000000000000000000000000000000000000
ulogging utd amp malname hash: 00000000000000000000000000000000
ulogging utd drop reason id: 11
ulogging sdvt drop reason id: 0
ulogging utd ips policy id: N/A
ulogging utd ips action id: N/A
ulogging utd urlf policy id: N/A
ulogging utd urlf action id: N/A
ulogging utd amp policy id: N/A
ulogging utd amp action id: N/A
ulogging utd urlf reason id: 0
ulogging ulogging flow direction: Initiator
ip dscp: 0x00
application name: layer7 ssl

 thank you very much in advance for any kind of helpful information!

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card