IPS netflow analyzer

Unanswered Question
Oct 14th, 2009

Hi All,

we have IPS 4240 with MARS 25. I like to export netflow from IPS to the MARS for anomaly detection. But I couldn't find any document to show how to configure netflow analyzer in IPS to export to MARS. if you show me any documents, I would be very appreciated.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
andrey.dugin Sun, 10/18/2009 - 22:37

As I know Cisco IPS doesn't work with netflow.

As an alternative you may create custom signatures for established TCP sessions and UDP packets exchange, but it will generate a lot of events on your alarm panel. You can export this information via SNMP-traps for any monitoring system.


This Discussion