One of my clients has an issue where some of the destination IPs are not reported in the dashboard for Cisco Firewall.
We are able to see the destination hostname instead of Destination in the Packet details in ESM.
We checked with support and got a reply stating:
"these events are being aggregated at level 2, which means the destination IP is dropped
- Informed customer these events would need to be at level 1 aggregation for the destination IP to be displayed".
Correct me if I am wrong: if it's an aggregation issue, it is supposed to drop all destination IPs, whereas we see this issue on some servers; we are able to see the destination hostname instead of Destination in the Packet details in ESM.
I feel we have to do some mapping of these servers.
Please find the screenshot and logs attached.
Message was edited by: manjumcafee on 7/6/14 3:55:40 PM CDT
Message was edited by: manjumcafee on 7/6/14 3:57:56 PM CDT
I think you will find that the parser is capturing the value outside the parentheses. This is not always an IP address. If the parser captured the value inside the parentheses then it would encounter exactly the same problem... the value is not always an IP address.
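
The point made in the reply above, shown as an added example that is not from the thread and is not the ESM parser's code: it checks both captured positions for an IP literal and lists the hosts for which neither position holds one. The `dst <outside> (<inside>)` layout, the sample lines and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed layout, constructed for this example: "dst <outside> (<inside>)".
DST_RE = re.compile(r"\bdst\s+(?P<outside>[^\s()]+)\s*\((?P<inside>[^()]*)\)")

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LINES = [
    "deny tcp src 10.0.0.5/51234 dst 192.0.2.10/443 (192.0.2.10/443)",
    "deny tcp src 10.0.0.5/51235 dst fileserver01/445 (198.51.100.7/445)",
    "deny tcp src 10.0.0.5/51236 dst 203.0.113.9/25 (mailrelay/25)",
    "deny tcp src 10.0.0.5/51237 dst printsrv/9100 (printsrv/9100)",
]

def split_host(value):
    """Strip whitespace and a trailing /port from a captured value."""
    return value.strip().split("/", 1)[0]

def as_ip(value):
    """Return the normalized address if value is an IP literal, else None."""
    try:
        return str(ipaddress.ip_address(split_host(value)))
    except ValueError:
        return None

def parse_destination(line):
    """Report which captured position, if any, holds an IP address."""
    m = DST_RE.search(line)
    if m is None:
        return None
    fields = {"outside": m.group("outside"), "inside": m.group("inside")}
    ip_source = next((k for k, v in fields.items() if as_ip(v)), None)
    names = [split_host(v) for v in fields.values() if split_host(v) and not as_ip(v)]
    return {
        "dst_ip": as_ip(fields[ip_source]) if ip_source else None,
        "ip_source": ip_source,
        "dst_host": names[0] if names else None,
    }

def hosts_without_ip(lines):
    """Hostnames from events where neither position contained an IP."""
    parsed = (parse_destination(line) for line in lines)
    return sorted({p["dst_host"] for p in parsed if p and p["dst_ip"] is None and p["dst_host"]})

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_destination(line))
    print("no IP in either position:", hosts_without_ip(SAMPLE_LINES))
```
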