Event Retrieval

Unanswered Question
Jan 21st, 2009

Our IPS sensor health shows that it can not retrieve events. The event status is showing not connected and will not start.

Any ideas? I'm a newbie to this.

Paul

edit: Device status = subscription open failed.


IDS Event Viewer is a Java-based application that enables you to view and manage alarms for up to five sensors. With IDS Event Viewer you can connect to and view alarms in real time or in imported log files. You can configure filters and views to help you manage the alarms. You can also import and export event data for further analysis. IDS Event Viewer also provides access to the Network Security Database (NSDB) for signature descriptions.

pwilliams05 Fri, 01/30/2009 - 08:10

We changed our AV vendor and it installed a firewall. Once I turned that off we were good to go. What ports do I need to open to run the IME software?

marcabal Fri, 01/30/2009 - 08:44

IME acts as a client and initiates connections to the sensors (sensors are the servers). So just need to ensure your firewall will allow IME to connect TO your sensors.

IME does not need to allow any incoming connections from other boxes. IME does not act as a server for external connections.

IME actually has 3 main parts. The GUI that you see on your screen, a database that is always running in the background, and a client process always running in the background that connects to and pulls alerts from the sensors. There are internal ports that each of these processes uses to connect to the other processes. These are all internal connections, but I can't remember what internal ports they use.

I would assume that your firewall will likely allow these internal connections just fine. (I have not heard of any pc firewalls blocking these internal connections) Since IME does not support being a server for external connections the firewall does not need to open any ports for this. For IME's external connection TO the sensors you might have to configure your firewall to allow the IME processes to make external client connections to the sensors.
