
Not seeing sensor alerts on CSPM 2.3i

csimpson
Level 1

I have fully configured both the CSPM 2.3i and (2) CSIDS 4230s (2.5). The sensors are capturing traffic, all of the services are running, and communication is established with CSPM. I've configured my signatures but am getting no alerts when I should at least get some. I am getting the "Route Up" and "Route Down" messages, but that's all.


mjuckett
Level 1

Have you checked to make sure the sensors are enabled for generating audit events? Click on the sensor under CSPM, go to the Logging tab, and make sure that "Generate audit event log files" is checked.

rcrowe
Level 1

Also make sure that the right monitor interface is specified for the sensor. 4230=/dev/spwr0 and 4210=/dev/iprb0. I had this problem... I thought that the 4210 and the 4230 used the same interface names.

The correct interface is selected and "generate audit" is checked... I'm stumped!

Try to upgrade to the last version (either the CSPM and the IDS software). I had the same problem, and after upgrade it works fine.

I had this same problem with a new 4210 install and CSPM 2.3i, and had to log back into the sensor as root, exit out and let all daemons start again, generate the command set through CSPM doing the save and update, and approve command set again 2 or 3 times and finally they show up. This had to be done only one time. Now, whenever the sensor or CSPM is restarted, it continues. I also checked whether the postoffice service was started. Also, make sure the ports are not being filtered out on the machine.

ma53502
Level 1

If you are connecting the sniffing interface into a switch you will need to mirror whatever ports you want to be monitored on the switch. Keep in mind that if you mirror too many ports on the switch, you might run the chance to overload the CPU on the switch.
