Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IDSM-2 ip-log default question?

Ok so, I have recently enabled log-pair-packets on signatures without changing the ip-log defaults, which from all documentation and posts in this forum reads that it defaults to 0 packets, 30 minutes, 0 bytes. But when I look at iplog-status at the CLI, I see that all ip logging on these event-triggered logs are

any length bytes/packets

30 second (not minutes!) exactly

my question is if the documentation is wrong? Also the documentation says after any 1 condition is met then it will stop logging, but if bytes = 0 and packets = 0, wouldn't that mean it wouldnt log at all? Or does that mean it does not check that parameter.

I can always do a test scenario myself, but I wanted to ask the community first if they have also found that the documentation is wrong in saying 30 minutes and it being really 30 seconds. Thanks in advance!