Cisco Support Community
New Member

Cisco IPS Event Viewer & ASA-SSM10

I've set up IP Logging on the sensor and can download the packet dumps via the IDM interface and then view via Ethereal on my PC.

How do I get this working via IEV? The menu option 'Show Captured Packet' is always greyed out. I have set the path to Ethereal in 'Application Settings'.

1 REPLY
Cisco Employee

Re: Cisco IPS Event Viewer & ASA-SSM10

There is a misunderstanding in what IEV is capable of doing.

IEV does not have the ability to download and view iplogs.

The "Show Captured Packet" option in IEV is for viewing the trigger packet of the alert that gets added to the alert itself rather than part of an IP Log.

The trigger packet gets added to the alert when the Produce Verbose Alert event action is added to the signature.

The Produce Verbose Alert adds the trigger packet to the alert (it base64-encodes the packet when adding it to the alert). IEV can then decode the packet and make it viewable to the user.

The Packet Log actions log the packets into an iplog. It will also include the trigger packet, but also includes additional packets. The IP Logs are not currently downloadable and viewable through IEV.

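The reply above says Produce Verbose Alert stores the trigger packet in the alert as base64 and that IEV decodes it for viewing. As an added example (not part of the original thread and not Cisco's code), the Python below performs the same decoding by hand and wraps the bytes in a one-record pcap file that Ethereal can open. It assumes the decoded bytes are a raw Ethernet frame; the sample frame, the function name and the output file name are constructed for illustration.

```python
import base64
import struct

PCAP_MAGIC = 0xA1B2C3D4    # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1      # assumption: the trigger packet is an Ethernet frame

# Constructed sample: Ethernet + IPv4 + ICMP echo request (42 bytes),
# base64-encoded the way the reply describes the alert carrying it.
SAMPLE_FRAME = bytes.fromhex(
    "020000000002" "020000000001" "0800"            # dst MAC, src MAC, IPv4
    "4500001c000100004001f6dcc0000201c0000202"      # IPv4 192.0.2.1 -> 192.0.2.2
    "0800f7fd00010001"                              # ICMP echo request
)
SAMPLE_B64 = base64.b64encode(SAMPLE_FRAME).decode("ascii")


def trigger_packet_to_pcap(b64_packet: str, ts_sec: int = 0,
                           snaplen: int = 65535) -> bytes:
    """Decode a base64 trigger packet and return it as a one-record pcap file."""
    # Long base64 values are often line-wrapped when copied out of an alert.
    compact = "".join(b64_packet.split())
    # validate=True rejects stray characters (binascii.Error) instead of
    # silently skipping them and yielding a corrupted packet.
    frame = base64.b64decode(compact, validate=True)
    if not frame:
        raise ValueError("empty trigger packet")
    captured = frame[:snaplen]
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    global_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0,
                             snaplen, LINKTYPE_ETHERNET)
    # Record header: ts_sec, ts_usec, captured length, original length.
    record_hdr = struct.pack("<IIII", ts_sec, 0, len(captured), len(frame))
    return global_hdr + record_hdr + captured


if __name__ == "__main__":
    # Hypothetical output name; open the result in Ethereal.
    with open("trigger_packet.pcap", "wb") as fh:
        fh.write(trigger_packet_to_pcap(SAMPLE_B64))
```

If the signature only has a Packet Log action and not Produce Verbose Alert, there is no base64 packet in the alert to decode, which matches the greyed-out menu option described in the question.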