Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

IDSM, Event Viewer > locality=OUT , can I change it?

Hello,

in ISDM event viewer I see both internal (private) and external (global) addresses have
"locality"=OUT.
Does anybody know if it makes sense to change it and how, I can't find where?


  participants:  
    attacker:  
      addr: 10.7.51.233  locality=OUT 
      port: 52593 
    target:  
      addr: 204.192.12.14  locality=OUT 
      port: 80 
      os:   idSource=learned  type=linux  relevance=relevant 
  actions:  
    denyPacketRequestedNotPerformed: true

Thank you
Alexander

Everyone's tags (2)
2 REPLIES
Cisco Employee

Re: IDSM, Event Viewer > locality=OUT , can I change it?

Alexander;

You can define Event Variables for specific IP address(es) and/or  IP address ranges and, as a result, these variable names will appear in  event Alerts as the "locality"  of applicable hosts (in place of the default "OUT").  So, for example, you may define an Event Variable, LAN for your primary  network (192.168.0.0-192.168.0.255), another Event Variable, DMZ (192.168.2.0-192.168.3.255) for a semi-protected segment located offyour  firewall, and a final Event Variable, WEB_SERVERS (1.1.1.0-1.1.1.31) for you publicly-accessible web servers.  These variable names will then be displayed in the event details.

Scott

New Member

Re: IDSM, Event Viewer > locality=OUT , can I change it?

Thank you Scott

Alex

505
Views
10
Helpful
2
Replies
CreatePlease to create content