Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
539
Views
5
Helpful
1
Replies

Cisco IPS Event Viewer & ASA-SSM10

craig-allen
Level 1
Level 1

‎08-07-2007 06:11 AM - edited ‎03-10-2019 03:44 AM

I've setup IP Logging on the sensor and can download the packet dumps via the IDM interface and then view via Ethereal on my PC.

How do I get this working via IEV? The menu option 'Show Captured Packet' is always greyed out. I have set the path to Ethereal in 'Application Settings'

Labels:
0 Helpful
1 Reply 1

marcabal
Cisco Employee
Cisco Employee

‎08-07-2007 07:28 AM

There is a misunderstanding in what IEV is capable of doing.

IEV does not have the ability to download and view iplogs.

The "Show Captured Packet" option in IEV is for viewing the trigger packet of the alert that gets added to the alert itself rather than part of an IP Log.

The trigger packet gets added to the alert when the Produce Verbose Alert event action is added to the signature.

The Produce Verbose Alert adds the trigger packet to the alert (it base 64 encodes the packet when adding it to the alert). IEV can then decode the packet and make it viewable to the user.

The Packet Log actions log the packets into a iplog. It will Also include the trigger packet, but also includes additional packets. The IP Logs are not currently downloadable and viewable through IEV.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card