1-17
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the Botnet Traffic Filter
Monitoring the Botnet Traffic Filter
hostname# dynamic-filter database find bad
bad.example.com
bad.example.net
Found more than 2 matches, enter a more specific string to find an exact
match
Monitoring the Botnet Traffic Filter
Whenever a known address is classified by the Botnet Traffic Filter, then a syslog message is generated.
You can also monitor Botnet Traffic Filter statistics and other parameters by entering commands on the
ASA. This section includes the following topics:
• Botnet Traffic Filter Syslog Messaging, page 1-17
• Botnet Traffic Filter Commands, page 1-17
Botnet Traffic Filter Syslog Messaging
The Botnet Traffic Filter generates detailed syslog messages numbered 338nnn. Messages differentiate
between incoming and outgoing connections, blacklist, whitelist, or greylist addresses, and many other
variables. (The greylist includes addresses that are associated with multiple domain names, but not all
of these domain names are on the blacklist.)
See the syslog messages guide for detailed information about syslog messages.
Botnet Traffic Filter Commands
To monitor the Botnet Traffic Filter, enter one of the following commands:
Command Purpose
show dynamic-filter statistics [interface
name] [detail]
Shows how many connections were classified as whitelist, blacklist, and
greylist connections, and how many connections were dropped. (The
greylist includes addresses that are associated with multiple domain
names, but not all of these domain names are on the blacklist.) The detail
keyword shows how many packets at each threat level were classified or
dropped.
To clear the statistics, enter the clear dynamic-filter statistics [interface
name] command.
show dynamic-filter reports top
[malware-sites | malware-ports |
infected-hosts]
Generates reports of the top 10 malware sites, ports, and infected hosts
monitored. The top 10 malware-sites report includes the number of
connections dropped, and the threat level and category of each site. This
report is a snapshot of the data, and may not match the top 10 items since
the statistics started to be collected.
To clear the report data, enter the clear dynamic-filter reports top
command.
To Next Page
Loading...
Need help?
General
