Chapter 10
Identifying and Preventing Distributed-Denial-Of-Service Attacks
•
As with other log files, there are two attack log files. Attack events are written to one of these files until
it reaches maximum capacity, at which point the events logged in that file are then temporarily archived.
New attack events are then automatically logged to the alternate log file. When the second log file
reaches maximum capacity, the system then reverts to logging events to the first log file, thus overwriting
the temporarily archived information stored in that file.
The following SNMP trap indicates that the attack log is full and a new log file has been opened
ST_LINE_ATTACK_LOG_IS_FULL
When the attack log is large, it is not recommended to display it. Copy a large log to a file to view it.
Note
How to View the Attack Log
From the SCE# prompt, type more line-attack-log and press Enter.
Step 1
How to Copy the Attack Log to a File
From the SCE# prompt, type more line-attack-log redirect filename and press Enter.
Step 1
Writes the log information to the specified file.
OL-16479-01
Action taken
Cisco SCE8000 Software Configuration Guide, Rel 3.1.6S
Monitoring Attack Filtering
10-29