Filter
Top Products
69-34
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 69 Using External Monitoring, Troubleshooting, and Diagnostic Tools
Integrating CS-MARS and Security Manager
messages with an equivalent NetFlow event; the NetFlow Event IDs and Extended Event IDs are
included. For information on how to disable NetFlow equivalent syslog messages, see Server Setup Page,
page 52-16.
For the Flow Denied NetFlow event, an Extended Event ID indicates the reason for denial, as shown in
the following table.
Syslog ID Syslog Description NetFlow Event ID Extended Event ID
302013
302015
302017
302020
TCP, UDP, GRE, and
ICMP connection
creation.
1 = Flow Created. 0 = Ignore.
302014
302016
302018
302021
TCP, UDP, GRE, and
ICMP connection
tear-down.
2 = Flow Deleted. 0 = Ignore, or
> 2000 = ASP drop
reasons.
710003 An attempt to connect to
the device’s interface
was denied.
3 = Flow Denied. 1003 = To-the-box flow
denied due to
configuration.
106015 A TCP flow was denied
because the first packet
was not a SYN packet.
3 = Flow Denied. 1004 = Flow denied
because first packet was
not a TCP SYN packet.
313001 An ICMP packet to the
device was denied.
3 = Flow Denied. 1003 = To-the-box flow
denied due to
configuration.
313008 An ICMP v6 packet to
the device was denied.
3 = Flow Denied. 1003 = To-the-box flow
denied due to
configuration.
106023 A flow was denied by an
access list attached to an
interface with the access
group command.
3 = Flow Denied. 1001 – Flow denied by
Ingress ACL.
1002 – Flow denied by
Egress ACL.
106100 An access rule was hit. 1 = Flow Created (if
ACL permitted the
flow).
3 = Flow Denied (if
ACL denied the flow).
0 – If Flow permitted by
ACL.
1001 – Flow denied by
Ingress ACL.
1002 – Flow denied by
Egress ACL.
Extended Event ID Event Description
1001 FLOW DENIED The flow was denied by an
Ingress ACL.
1002 FLOW DENIED The flow was denied by an
Egress ACL.