Question & Answer
Question
Why do QRadar Network Security (XGS) sensors generate a large number of FNXUD0002I system events when a segment is operating in Monitoring mode?
Cause
The FNXUD0002I event is created when packets are dropped by an interface. When operating in Monitoring mode, an interface accepts traffic from a span port on a switch and analyzes it. After analysis, the traffic is dropped by the sensor as this is not an inline inspection mode.
Answer
This behavior is normal for Monitoring mode on XGS sensors.
[{"Product":{"code":"SSFSVP","label":"IBM QRadar Network Security"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General Information","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Product":{"code":"SSHLHV","label":"IBM Security Network Protection"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"General Information","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"5.3.1;5.3.3","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
23 January 2021
UID
swg22011432