Cisco Systems ASA Services Module Webcam User Manual


 
26-14
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Monitoring the Botnet Traffic Filter
Detailed Steps
Step 1 Go to the Search Dynamic Database area:
In Single mode or within a context, choose the Configuration > Firewall > Botnet Traffic Filter
> Botnet Database Update pane.
In multiple context mode in the System execution space, choose the Configuration > Device
Management > Botnet Database Update pane.
Step 2 In the Search string field, enter a string at least 3 characters in length, and click Find Now.
The first two matches are shown. To refine your search for a more specific match, enter a longer string.
Step 3 To clear the displayed matches and the search string, click Clear, or you can just enter a new string and
click Find Now to get a new display.
Monitoring the Botnet Traffic Filter
Whenever a known address is classified by the Botnet Traffic Filter, then a syslog message is generated.
You can also monitor Botnet Traffic Filter statistics and other parameters by entering commands on the
ASA. This section includes the following topics:
Botnet Traffic Filter Syslog Messaging, page 26-14
Botnet Traffic Filter Monitor Panes, page 26-15
Botnet Traffic Filter Syslog Messaging
The Botnet Traffic Filter generates detailed syslog messages numbered 338nnn. Messages differentiate
between incoming and outgoing connections, blacklist, whitelist, or greylist addresses, and many other
variables. (The greylist includes addresses that are associated with multiple domain names, but not all
of these domain names are on the blacklist.)
See the syslog messages guide for detailed information about syslog messages.
For the following syslog messages, a reverse access rule can be automatically created from the Real Time
Log Viewer:
338001, 338002, 338003, 338004 (blacklist)
338201, 338202 (greylist)
See Chapter 41, “Configuring Logging,” in the general operations configuration guide.