Collecting IPS Error Events and Status Events in CS-MARS

Unanswered Question
Dec 9th, 2008
User Badges:

Does anybody know how to collect either the "Error Events" or the "Status Events" from 4200 series IPS devices in CS-MARS? The only events that seem to be collected by CS-MARS are the "Alert Events".

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mchin345 Thu, 12/18/2008 - 11:48
User Badges:
  • Silver, 250 points or more

You can use the show events command to view the alerts generated by SensorApp and errors generated by an application

• evError-Application errors

• evStatus-Status changes, such as an IP log being created

The show events command is useful for troubleshooting event capture issues in which you are not seeing events in Event Viewer or Security Monitor. You can use the show events command to determine which events are being generated on the sensor to make sure events are being generated and that the fault lies with the monitoring side.

Actions

This Discussion