How to monitor the IDSM engine?

Feb 16th, 2009

Greetings


I've been trying to solve this since I got my IDSMs a year ago. How can I be notified when the IDSM monitor engine crashes, as it does a few times a month?

I've tried to set up various 3rd party tools to monitor SNMP and/or ping availability but none of these can give any accurate indication of a failure.

Any suggestions?


Regards

Fredrik


rhermes Mon, 02/16/2009 - 09:40

This is a common problem with all sensors. Unfortunately there are several failures that a sensor can experience. To test all aspects of a sensor, create a custom signature that will fire on any traffic with a summary (so you only get an alert every X min). Then feed this event (SDEE or Syslog) into a system that looks for the absence of the event.

We call it a heartbeat sig. Cisco borrowed the idea and was going to put it into 6.0 as a standard signature, but for some reason abandoned the feature.
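
The "system that looks for the absence of the event" from the reply above, sketched as an added example that is not part of the original thread and is not Cisco's or the poster's code. The log line format, the signature ID 60001, the sensor names and the 5-minute summary interval are all constructed assumptions, not real IDSM syslog or SDEE output.

```python
from datetime import datetime, timedelta

HEARTBEAT_SIG_ID = "60001"               # hypothetical custom signature ID
SUMMARY_INTERVAL = timedelta(minutes=5)  # assumed value of the "every X min" summary
GRACE = timedelta(minutes=1)             # tolerance for delivery delay

# Constructed sample lines in a made-up "<ISO time> <sensor> sig_id=<id>" format.
SAMPLE = """\
2009-02-16T09:00:00 idsm-1 sig_id=60001
2009-02-16T09:02:10 idsm-1 sig_id=2004
2009-02-16T09:05:00 idsm-1 sig_id=60001
garbage line
2009-02-16T09:25:00 idsm-1 sig_id=60001
""".splitlines()

def parse_heartbeat(line):
    """Return (timestamp, sensor) for a heartbeat line, or None for anything else."""
    parts = line.split()
    if len(parts) != 3 or parts[2] != f"sig_id={HEARTBEAT_SIG_ID}":
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1]
    except ValueError:
        return None

def find_gaps(lines, sensors, start, now):
    """Spans with no heartbeat; `sensors` is the expected list, so silent ones count."""
    seen = {s: [] for s in sensors}
    for line in lines:
        hit = parse_heartbeat(line)
        if hit and hit[1] in seen:
            seen[hit[1]].append(hit[0])
    gaps = []
    for sensor in sensors:
        prev = start
        # Appending `now` catches a sensor that stopped and never resumed.
        for ts in sorted(seen[sensor]) + [now]:
            if ts - prev > SUMMARY_INTERVAL + GRACE:
                gaps.append((sensor, prev, ts))
            prev = ts
    return gaps

def demo():
    start, now = datetime(2009, 2, 16, 9, 0), datetime(2009, 2, 16, 9, 30)
    return find_gaps(SAMPLE, ["idsm-1", "idsm-2"], start, now)

if __name__ == "__main__":
    for sensor, last, nxt in demo():
        print(f"ALERT {sensor}: no heartbeat between {last} and {nxt}")
```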
