![background image](http://html.mh-extra.com/html/cisco/sce-1000-and/sce-1000-and_configuration-manual_64496314.webp)
11-30
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 11 Identifying and Preventing Distributed-Denial-Of-Service Attacks
Monitoring Attack Filtering
The message for detecting attack end contains the following data:
•
IP address (Pair of addresses, if detected)
•
Protocol Port number (If detected)
•
Attack-direction (Attack-source or Attack-destination)
•
Interface of IP address
•
Number of attack flows reported/blocked
•
Action taken
As with other log files, there are two attack log files. Attack events are written to one of these files until
it reaches maximum capacity, at which point the events logged in that file are then temporarily archived.
New attack events are then automatically logged to the alternate log file. When the second log file
reaches maximum capacity, the system then reverts to logging events to the first log file, thus overwriting
the temporarily archived information stored in that file.
The following SNMP trap indicates that the attack log is full and a new log file has been opened
ST_LINE_ATTACK_LOG_IS_FULL
Note
When the attack log is large, it is not recommended to display it. Copy a large log to a file to view it.
How to View the Attack Log
Step 1
From the SCE# prompt, type
more line-attack-log
and press
Enter
.
How to Copy the Attack Log to a File
Step 1
From the SCE# prompt, type
more line-attack-log redirect
filename
and press
Enter
.
Writes the log information to the specified file.