03-20-2004 02:15 PM - edited 03-09-2019 06:49 AM
I have a very basic question. We have a 4250 IDS running version 4.1. I use IDS Device Manager to configure the IDS. My question is: What is an Event Filter? Once you create an Event Filter, what happens to the traffic that matches the filter? Is that traffic ignored or is it specifically looked upon?
Thanx.
03-22-2004 07:14 AM
Hi Kendo,
Filters enable you to customize and refine your view of event data by specifying alarms to exclude from your view.
For more details on this, you can refer to this URL:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap6.htm#604198
Hope this helps
thanks
03-22-2004 03:08 PM
I should have been more specific. I'm referring to Event filters on IDS Device Manager, under Configuration > Sensing Engine > Alarm Channel > Configuration > Event Filters.
I'm wondering if the traffic specified by Event filters is included or excluded from monitoring.
Thanks.
03-22-2004 03:20 PM
Both exclude and include.
The filters have a parameter called "Exception".
If "Exception" is set to False then the line will attempt to Exclude the alarms matching the other parameters.
If the "Exception" is set to True, however, then it overrides any filters where Exception was set to False that match the same alarm. So "Exception" set to True acts as an Include overriding the Excludes for those alarms.
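The Exception behaviour described in the last reply, modelled as an added example (not part of the thread and not Cisco's code). The field names, filter entries and alarms are constructed for illustration; the logic follows only what the reply states, and shows how to list which alarms a filter set hides.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Alarm:
    sig_id: int   # signature that fired (constructed values below)
    src: str
    dst: str


@dataclass(frozen=True)
class EventFilter:
    # Hypothetical field names; the real sensor's parameters may differ.
    sig_ids: frozenset   # empty set means "any signature"
    src_net: str
    dst_net: str
    exception: bool      # False = exclude, True = include (overrides excludes)

    def matches(self, alarm):
        sig_ok = not self.sig_ids or alarm.sig_id in self.sig_ids
        return (sig_ok
                and ip_address(alarm.src) in ip_network(self.src_net)
                and ip_address(alarm.dst) in ip_network(self.dst_net))


def is_reported(alarm, filters):
    """An alarm is dropped only if an exclude matches and no exception does."""
    hits = [f for f in filters if f.matches(alarm)]
    return any(f.exception for f in hits) or not hits


def suppressed(alarms, filters):
    """Audit helper: the alarms an operator will NOT see with these filters."""
    return [a for a in alarms if not is_reported(a, filters)]


# Constructed filter set: hide signature 2004 from 10.1.0.0/16 to anywhere,
# except when the source is 10.1.5.0/24 and the target is 192.168.10.0/24.
FILTERS = [
    EventFilter(frozenset({2004}), "10.1.0.0/16", "0.0.0.0/0", exception=False),
    EventFilter(frozenset({2004}), "10.1.5.0/24", "192.168.10.0/24", exception=True),
]
# Constructed alarms.
ALARMS = [
    Alarm(2004, "10.1.2.3", "172.16.0.1"),    # exclude matches -> hidden
    Alarm(2004, "10.1.5.9", "192.168.10.4"),  # exception overrides -> shown
    Alarm(2004, "10.2.0.1", "172.16.0.1"),    # no filter matches -> shown
    Alarm(3030, "10.1.2.3", "172.16.0.1"),    # other signature -> shown
]

if __name__ == "__main__":
    for a in ALARMS:
        print(a, "reported" if is_reported(a, FILTERS) else "filtered")
```

Running `suppressed()` over recent alarms before deploying a new exclude filter shows exactly which events would disappear from view.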