I'm not sure of the exact metric, but you should enable syslog and have this sent to a syslog server. With syslog server you can have the system parse the syslog and react to particular entries. Of course that depends on what you use to manage the syslog db.
""Manny"" wrote in message news:[EMAIL PROTECTED] > I ran into a situation today where we had a machine that was trying to FTP > through the firewall. We allow FTP outbound. The problem that came up was > that the user had no idea that an FTP client was setup on his machine. The > FTP client (spyware) kept trying to connect to a server (ispynow.com) using > the incorrect user name and password. For every attempt an xlate entry was > created. It created about 7000 entries in a matter of minutes. The firewall > was paralyzed. I had to console in and look at the xlate table. Even through > the console I had a hard time viewing the table. Is there any way to prevent > this from happening again?This is the second time this year an incident of > this nature with the xlate table has occurred. How can I monitor the xlate > table for strange behavior? Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=65122&t=65095 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
