🔍 Monitoring and Troubleshooting DoS Protection Events

1. CLI Commands for Monitoring DoS Events

Utilize the following CLI commands to monitor and troubleshoot DoS protection events:

• show counter global | match dos – Displays global counters related to DoS events.
• debug dataplane show dos classification-table – Shows the current DoS classification table.
• show dos-protection rule <rule-name> statistics – Provides statistics for a specific DoS protection rule.
• show dos-protection zone <zone-name> blocked source – Lists sources blocked in a specific zone due to DoS protection.

For a comprehensive list of commands, refer to the Understanding DoS Logs and Counters article.

2. GUI Monitoring of DoS Events

To monitor DoS protection events via the GUI:

• Navigate to Monitor > Logs > Threat to view threat logs.
• Use filters such as ( subtype eq flood ) to isolate DoS-related events.
• Click on individual log entries to view detailed information.

Ensure that logging is enabled for your DoS protection profiles and that appropriate log forwarding profiles are configured. For more details, see the View Logs documentation.

3. Troubleshooting Tips

• Verify that DoS protection profiles are correctly applied to the intended zones or interfaces.
• Check that the thresholds set in the profiles are appropriate for your network traffic patterns.
• Ensure that logging is enabled in the DoS protection profiles and that logs are being forwarded to the desired destinations.
• Use the show counter global command to monitor real-time counters related to DoS events.

For additional troubleshooting guidance, consult the Troubleshooting DoS Attacks article.