Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
366
Views
0
Helpful
1
Replies

Monitoring AIM-IPS-K9 and AIP-SSM-10

mdreelan
Level 1
Level 1

‎12-02-2008 06:41 AM - edited ‎03-10-2019 04:24 AM

Does anyone have any tips on monitoring the IPS devices for being up, healthy, not-in-bypass, and running normally, I had five of them fail after the E3 upgrade (one is still tweaked due what TAC has identified as a corrupt license issue). Although CSMARS 6.0 lists some unreachable devices once daily, it has all devices in the list making it less that useful information, but that is a different question.

AIM-IPS-K9: 19 ea.

AIP-SSM-10: 3 ea.

Labels:
0 Helpful
1 Reply 1

rhermes
Level 7
Level 7

‎12-02-2008 10:07 AM

Cisco had orginally planned to add a "keep alive" signature to 6.0. but that feature got dropped. The intent was to fire off a signature every few mins as long as the sensor was seeing valid traffic. The absence of seeing this signature should trigger some attention to a downed sensor.

You can write a custom sig, but you have to be able to detect the loss of that event to be of value.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card