×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.
vkapoor5 Thu, 12/27/2007 - 06:43
User Badges:
  • Bronze, 100 points or more

The generation of the alarm event expends CPU cycles that would otherwise be available for analysis. Additionally, the event needs to be stored in nonvolatile storage. This usually means that it must be written to disk, a relatively slow operation, or sent over a network connection. Under normal circumstances this does not affect the operation of a NIDS. However, as the rate of alarm production increases and/or the load on the network increases, alarm event production and log maintenance can have a significant effect on NIDS performance. The event generation component of a NIDS must be able to handle the events generated by the high rates of traffic. The ability of the NIDS to notify the user varies as the alarm event rate is adjusted.



cisco24x7 Thu, 12/27/2007 - 10:28
User Badges:
  • Silver, 250 points or more

I don't know if this method is supported

by Cisco TAC but you can do it quite easily.

I tested this on version 4.1. By the way,

IDS version 4.1 is a LinuxOS.


a- create an account called "test" and assign "service" privilege,


b- logout of the IDS and log back in with

the test account. This will put you in

bash shell,


c- type "su -" and enter the "admin" or "root" password,


d- now you are in superuser mode, type "top".

This will show you cpu usage in real-time.

Actions

This Discussion