How does the absence of hashcodes in ACEs on devices that do not support them affect the accuracy of event matches for a policy?
A. When you select the option to display events matching a rule, the support of ACE hashcodes by the version of software running on a device determines the accuracy of syslog matches. Although Security Manager is able to gather the device information, the appropriate event types in CS-MARS, 5-tuple data from the ACEs, and the ACL, these details can result in inaccurate or excessive syslog matches. To produce most accurate syslog matches for an ACE, PIX and ASA 7.0 and later support ACE hashcodes. Each ACE contains an MD5 hashcode, which is included in the syslogs generated by that ACE. For PIX and ASA devices running 7.0 or later, Security Manager includes the hashcodes of the ACEs generated by the selected rule in the query sent to CS-MARS. ACE hashcodes are not supported on security appliances running a version of PIX or ASA software earlier than 7.0.
Related Questions
- How will the Support Lifecycle policy affect Personal Support (telephone and Web support options that are customized to meet the requirements of home users and home office customers)?
- How does the absence of hashcodes in ACEs on devices that do not support them affect the accuracy of event matches for a policy?
- I am part of the Young Adult Support Plan. How does the Medicare Levy Surcharge affect me?
