How to monitor the IDSM engine?

Unanswered Question
Feb 16th, 2009

Greetings

I've been trying to solve this since I got my IDSMs a year ago. How can I be notified when the IDSM monitor engine crashes, as it does a few times a month?

I've tried to set up various 3rd party tools to monitor SNMP and/or ping availability but none of these can give any accurate indication of a failure.

Any suggestions?

Regards

Fredrik

rhermes Mon, 02/16/2009 - 09:40

This is a common problem with all sensors. Unfortunately there are several failures that a sensor can experience. To test all aspects of a sensor, create a custom signature that will fire on any traffic with a summary (so you only get an alert every X min). Then feed this event (SDEE or Syslog) into a system that looks for the absence of the event.

We call it a heartbeat sig. Cisco borrowed the idea and was going to put it into 6.0 as a standard signature, but for some reason abandoned the feature.
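
The receiving side of the heartbeat approach described in the reply above, as an added example that is not part of the original thread: a checker that reports every period in which the heartbeat event was absent for longer than the summary interval. The syslog line layout, the `sig=HEARTBEAT` marker, and the 5-minute interval are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumptions (not from the thread): the heartbeat alert reaches the collector
# as a syslog line with an ISO-8601 timestamp first, and the custom signature
# is identifiable by the marker string below. Both are placeholders.
HEARTBEAT_MARKER = "sig=HEARTBEAT"       # hypothetical marker for the custom sig
SUMMARY_INTERVAL = timedelta(minutes=5)  # the "every X min" summary interval
GRACE = timedelta(minutes=1)             # tolerance for delivery jitter


def heartbeat_times(lines, marker=HEARTBEAT_MARKER):
    """Return sorted timestamps of lines that carry the heartbeat marker."""
    times = []
    for line in lines:
        stamp, _, rest = line.partition(" ")
        if marker not in rest:
            continue
        try:
            times.append(datetime.fromisoformat(stamp))
        except ValueError:
            continue  # malformed timestamp: ignore rather than count as alive
    return sorted(times)


def silent_periods(lines, start, now, interval=SUMMARY_INTERVAL, grace=GRACE):
    """Return (last_seen, next_seen_or_now) pairs where the sensor stayed quiet
    longer than interval + grace. `start` is when monitoring began, so a sensor
    that never sent a heartbeat is still reported."""
    limit = interval + grace
    points = [start] + [t for t in heartbeat_times(lines) if start <= t <= now] + [now]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > limit]


# Constructed sample: heartbeats every 5 min, then the engine stops after 10:10
# while the module still emits a non-inspection status message.
SAMPLE = [
    "2009-02-16T10:00:02 idsm2 sig=HEARTBEAT summary count=812",
    "2009-02-16T10:05:01 idsm2 sig=HEARTBEAT summary count=790",
    "2009-02-16T10:07:30 idsm2 sig=OTHER sev=low",
    "2009-02-16T10:10:03 idsm2 sig=HEARTBEAT summary count=805",
    "2009-02-16T10:12:00 idsm2 status: interface up",
    "garbage-line without timestamp sig=HEARTBEAT",
]

if __name__ == "__main__":
    start = datetime(2009, 2, 16, 10, 0)
    now = datetime(2009, 2, 16, 10, 30)
    for last, until in silent_periods(SAMPLE, start, now):
        print(f"ALERT: no heartbeat between {last} and {until}")
```

Run it on a schedule with `now` set to the current time; only heartbeat lines reset the timer, so other traffic from the module does not mask a stopped engine.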
