Monitoring AIM-IPS-K9 and AIP-SSM-10

Unanswered Question
Dec 2nd, 2008
User Badges:

Does anyone have any tips on monitoring the IPS devices for being up, healthy, not-in-bypass, and running normally, I had five of them fail after the E3 upgrade (one is still tweaked due what TAC has identified as a corrupt license issue). Although CSMARS 6.0 lists some unreachable devices once daily, it has all devices in the list making it less that useful information, but that is a different question.

AIM-IPS-K9: 19 ea.

AIP-SSM-10: 3 ea.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rhermes Tue, 12/02/2008 - 10:07
User Badges:
  • Gold, 750 points or more

Cisco had orginally planned to add a "keep alive" signature to 6.0. but that feature got dropped. The intent was to fire off a signature every few mins as long as the sensor was seeing valid traffic. The absence of seeing this signature should trigger some attention to a downed sensor.

You can write a custom sig, but you have to be able to detect the loss of that event to be of value.


This Discussion