I recently inherited the maintenance of a couple ASA-SSM-20 platforms on our network. I've never done anything with these before, so please bear with me if I don't know what I'm talking about.

Anyway, they are both supposed to send their events to a CS-MARS machine, but I noticed that only one was generating anything. After logging into the IPS Manager Express, both of the IPS's show up and they both show packets being received and transmitted from both NICs.

So I decided to login via SSH on both of them to compare. NIC1 is supposed to be the sensor interface on both of them, so I tried to see if they were both capturing packets by doing "packet display <interface> count 5". Well, the IPS that is sending events showed 5 packets immediately, while the other one did not.

Also, doing a "show events" on both of them results in a similar occurrence. One displays some events, while the other doesn't.

So I would expect to be able to capture packets if both interfaces show they are receiving and transmitting packets on both machines (the packet count continuously increases). Am I missing something obvious? I've been trying to fix this for a while and I think my brain is frying! Thanks in advance for any suggestions!