Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
670
Views
0
Helpful
3
Replies

Event Retrieval

pwilliams05
Level 1
Level 1

‎01-21-2009 07:01 AM - edited ‎03-10-2019 04:28 AM

Our IPS sensor health shows that it can not retrieve events. The event status is showing not connected and will not start.

Any ideas? I'm a newbie to this.

Paul

edit: Device status = subscription open failed.

Labels:
0 Helpful
3 Replies 3

wong34539
Level 6
Level 6

‎01-28-2009 01:31 PM

IDS Event Viewer is a Java-based application that enables you to view and manage alarms for up to five sensors. With IDS Event Viewer you can connect to and view alarms in real time or in imported log files. You can configure filters and views to help you manage the alarms. You can also import and export event data for further analysis. IDS Event Viewer also provides access to the Network Security Database (NSDB) for signature descriptions.

0 Helpful

pwilliams05
Level 1
Level 1

‎01-30-2009 08:10 AM

We changed our AV vendor and it installed a firewall. Once I turned that off we were good to go. What ports do I need to open to run the IME software?

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to pwilliams05

‎01-30-2009 08:44 AM

IME acts as a client and intiates connections to the sensors (sensors are the servers). So just need to ensure your firewall will also IME to connect TO your sensors.

IME does not need to allow any incoming connections from other boxes. IME does not act as a server for external connections.

IME actually has 3 main parts. The GUI that you see on your screen, a database that is always running in the background, and a client process always running in the background that connects to and pulls alerts from the sensors. There are internal ports that each of these process use to connect to the other processes. These are all internal connections, but I can't remmeber what internal ports they use.

I would assume that your firewall will likely allow these internal connections just fine. (I have not heard of any pc firewalls blocking these internal connections) Since IME does not support being a server for external connections the firewall does not need to open any ports for this. For IME's external connection TO the sensors you might have to configure your firewall to allow the IME processes to make external client connections to the sensors.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card