vkapoor5 Thu, 12/27/2007 - 06:43

The generation of the alarm event expends CPU cycles that would otherwise be available for analysis. Additionally, the event needs to be stored in nonvolatile storage. This usually means that it must be written to disk, a relatively slow operation, or sent over a network connection. Under normal circumstances this does not affect the operation of a NIDS. However, as the rate of alarm production increases and/or the load on the network increases, alarm event production and log maintenance can have a significant effect on NIDS performance. The event generation component of a NIDS must be able to handle the events generated by the high rates of traffic. The ability of the NIDS to notify the user varies as the alarm event rate is adjusted.

cisco24x7 Thu, 12/27/2007 - 10:28

I don't know if this method is supported by Cisco TAC but you can do it quite easily. I tested this on version 4.1. By the way, IDS version 4.1 is a LinuxOS.

a- create an account called "test" and assign "service" privilege,

b- logout of the IDS and log back in with the test account. This will put you in bash shell,

c- type "su -" and enter the "admin" or "root" password,

d- now you are in superuser mode, type "top". This will show you cpu usage in real-time.

