Cisco Systems ASA 5580 Manual De Usuario

bad.example.net

Found more than 2 matches, enter a more specific string to find an exact

match

Whenever a known address is classified by the Botnet Traffic Filter, then a syslog message is generated. 
You can also monitor Botnet Traffic Filter statistics and other parameters by entering commands on the 
ASA. This section includes the following topics:

The Botnet Traffic Filter generates detailed syslog messages numbered 338nnn. Messages differentiate 
between incoming and outgoing connections, blacklist, whitelist, or greylist addresses, and many other 
variables. (The greylist includes addresses that are associated with multiple domain names, but not all 
of these domain names are on the blacklist.)

See the syslog messages guide for detailed information about syslog messages.

To monitor the Botnet Traffic Filter, enter one of the following commands:

[interface 

name] [detail]

Shows how many connections were classified as whitelist, blacklist, and 
greylist connections, and how many connections were dropped. (The 
greylist includes addresses that are associated with multiple domain 
names, but not all of these domain names are on the blacklist.) The detail 
keyword shows how many packets at each threat level were classified or 
dropped.

To clear the statistics, enter the clear dynamic-filter statistics [interface 
name] command.

 

[malware-sites | malware-ports | 

]

Generates reports of the top 10 malware sites, ports, and infected hosts 
monitored. The top 10 malware-sites report includes the number of 
connections dropped, and the threat level and category of each site. This 
report is a snapshot of the data, and may not match the top 10 items since 
the statistics started to be collected.

To clear the report data, enter the clear dynamic-filter reports top 
command.