Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Not seeing sensor alerts on CSPM 2.3i

Unanswered Question

I have fully configured both the CSPM 2.3i and (2) CSIDS 4230s (2.5). The sensors are capturing traffic, all of the services are running, and communication is established with CSPM. I've configured my signatures but am getting no alerts when I should at least get some. I am getting the "Route Up" and "Route Down" messages, but that's all.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mjuckett Mon, 07/23/2001 - 07:31
User Badges:

Have you checked to make sure the sensors are enabled for generating audit events? Click on the sensor under CSPM, go to the Logging tab, and make sure that "Generate audit event log files" is checked.

atimpanaro Tue, 09/25/2001 - 01:55
User Badges:

Try to upgrade to the last version (either the CSPM and the IDS sotware). I had the same problem, and after upgrade it works fine.

ehouser Wed, 10/24/2001 - 05:58
User Badges:

I had this same problem with a new 4210 install and CSPM 2.3i, and had to log back into the sensor as root, exit out and let all daemons start again, generate the command set through CSPM doing the save and update, and approve command set again 2 or 3 times and finally they show up. This had to be done only one time. Now, when ever the sensor or CSPM is restarted, it continues. I also checked whether the postoffice service was started. Also, make sure the ports are not being filtered out on the machine.

ma53502 Fri, 10/26/2001 - 05:20
User Badges:

If you are connecting the sniffing interface into a switch you will need to mirror whatever ports you want to be monitored on the switch. Keep in mind that if you mirror too many ports on the switch, you might run the chance to overload the CPU on the switch.


This Discussion