Interface flood detection disabled
To track data for interface flood detection, private storage is obtained when IDS starts monitoring an interface. If the storage cannot be obtained, IDS is not able to detect an interface flood for the interface. A console message and a syslogd message are issued to report the condition.
EZZ8761I IDS EVENT DETECTED
EZZ8730I STACK TCPCS
EZZ8762I EVENT TYPE: INTERFACE FLOOD DETECTION DISABLED
EZZ8763I CORRELATOR 20 - PROBEID 04070015
EZZ8770I INTERFACE OSAQDIO4L
EZZ8765I DESTINATION IP ADDRESS 5.72.107.78 - PORT 0
EZZ8766I IDS RULE AttackFlood-rule
EZZ8767I IDS ACTION AttackLog-action
EZZ8658I TRMD ATTACK Interface Flood Detection Disabled:12/23/2002 20:39:35.00,
ifcname=OSAQDIO4L, dipaddr=5.72.107.78,correlator=20,probeid=04070015,
sensorhostname=MVS34.tcp.com
These messages indicate a storage constraint has prevented the initialization of interface flood detection for the interface specified in the message. Interface flood detection for other interfaces is not affected.
When the problem causing the storage constraint is resolved, the Interface Flood detection support can be activated by removing the IDS ATTACK FLOOD policy and then adding the IDS ATTACK FLOOD policy again, or by stopping and restarting the interface.