Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

IDS Reports

Hi all,

Got an IDS on 4215 and generating reports through VMS 2.3. At some point the VMS application crashed. After reinstallation with all similar parameters, the reports during the crash cannot be generated. So far, we understand that the logs are stored on the IDS and it was up and running.Any way of retrieving the info for the period where the VMS wasn't running?

1 REPLY
New Member

Re: IDS Reports

IPS does have a 30 MB rotating EventStore which provides disconnected event store. The average event size is 1-2 K so the eventStore can sustain an average rate of 30+ events/second for more than 15 minutes. This information should have been written to the IDS_MC as soon as the connection with VMS re-establishes.

Try these links:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/idmiev/swchap6.htm#wp193386

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_installation_and_configuration

120
Views
0
Helpful
1
Replies
CreatePlease to create content