01-18-2008 08:52 AM - edited 03-10-2019 03:56 AM
I'm just getting started with my IDS/IPS SSM-20 module. I'm looking for some reporting and querying capabilities for it. Is there a function or ability within the IDM 5.1 application, or even if I upgrade? Is it possible to look for all alerts for a particular IP address or a specified signature? Can I generate a report on how many attacks were mitigated?
Any help would be appreciated.
01-24-2008 06:00 AM
Both IDM and "show events alert" have very basic querying capabilities. The only thing you can do is to mark some signature with "traits" code and show alerts fired by this signature with:
sensor# sh events alert include-traits ?
<0-15> Traits to include in the show events output.
Try IDS Event Viewer. IEV is a free tool that can be downloaded from the Cisco website. But it is very limited too. The primary Cisco product for viewing/reporting is the Cisco MARS. But it is expensive...
01-24-2008 07:56 AM
I was afraid of that. Even though I'm looking into MARS, I hate to have my decision tied to improving the functionality of a product I already have.
01-24-2008 11:20 AM
You can refer to this guide for more information on IDS:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_tech_note09186a008053183f.shtml