10-29
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
OL-16479-01
Chapter 10 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Monitoring Attack Filtering
•
Action taken
As with other log files, there are two attack log files. Attack events are written to one of these files until
it reaches maximum capacity, at which point the events logged in that file are then temporarily archived.
New attack events are then automatically logged to the alternate log file. When the second log file
reaches maximum capacity, the system then reverts to logging events to the first log file, thus overwriting
the temporarily archived information stored in that file.
The following SNMP trap indicates that the attack log is full and a new log file has been opened
ST_LINE_ATTACK_LOG_IS_FULL
Note
When the attack log is large, it is not recommended to display it. Copy a large log to a file to view it.
How to View the Attack Log
Step 1
From the SCE# prompt, type
more line-attack-log
and press
Enter
.
How to Copy the Attack Log to a File
Step 1
From the SCE# prompt, type
more line-attack-log redirect
filename
and press
Enter
.
Writes the log information to the specified file.