New IDS 4215 - does not seem to be monitoring

Unanswered Question
Jul 17th, 2007

Hello - I installed my IDS 4215 and I can get to the web interface on the management side. I set up a span on my IOS switch and CatOS switch (tried both) with the source as port n/n and the destination as the sensor port. I then set up IP logging for a particular IP address I knew the sensor would see but I show 0 packets captured. On the statistics I see I am getting packets on the Fe0/1 but nothing in the log. I even set up RFC 1918 as an alert and set up my pc for 192.168 on the span source port but no alarms. Please help!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Rodrigo Gurriti Tue, 07/17/2007 - 14:39

have you added an interface to be the sniffing interface and then added it to a virtual sensor (vs0)

cisco IPS software version up to 5.x support only one virtual sensor (vs0). Versions 6.x and up supports more

here is the manual for 5.x

basically what you do is:

enable/assign one Sensing Port to be Promiscuous or 2 to be Inline pair

Add the enabled/assigned interface(s) to the Virtual Sensor VS0 or if you have 6.x you can use VS0 ( the default or create an other virtual sensor )


every IPS has:

at least 1 Sensing Port (allow to sniff) ans usually up to 4

only 1 Command and Control Port ( port used for communications between you and the IPS)


This Discussion