08-13-2008 07:50 AM - edited 03-10-2019 04:14 AM
How to diagnose whether the IDSM is monitoring traffic. What are the steps.
08-13-2008 09:13 AM
Check that the IDSM-2 is getting traffic. On the CLI do a "show interface"
Check if the traffic is getting to the analysis engine with a "show stat anal"
(if you're not seeing your taffic in the analysis engine, you forgot to add the interface to the virtual sensor)
Then turn on sig 2004 (ICMP echo reply) and run a few pings past the sensor to see if you are getting sigs to fire.
08-13-2008 07:29 PM
Both the above coands are working fine. How ever I am not geting any alerts on the event viewer.Pls help on this.
08-14-2008 12:56 AM
Can you post the "show config" of the IDSM and "show run | inc intrusion" of the core switch?
Regards
Farrukh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide