Monitoring AIM-IPS-K9 and AIP-SSM-10

Unanswered Question
Dec 2nd, 2008

Does anyone have any tips on monitoring the IPS devices for being up, healthy, not-in-bypass, and running normally, I had five of them fail after the E3 upgrade (one is still tweaked due what TAC has identified as a corrupt license issue). Although CSMARS 6.0 lists some unreachable devices once daily, it has all devices in the list making it less that useful information, but that is a different question.

AIM-IPS-K9: 19 ea.

AIP-SSM-10: 3 ea.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rhermes Tue, 12/02/2008 - 10:07

Cisco had orginally planned to add a "keep alive" signature to 6.0. but that feature got dropped. The intent was to fire off a signature every few mins as long as the sensor was seeing valid traffic. The absence of seeing this signature should trigger some attention to a downed sensor.

You can write a custom sig, but you have to be able to detect the loss of that event to be of value.

Actions

This Discussion