cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
334
Views
0
Helpful
2
Replies

IPS stop event data in event viewer

iqbalkhan
Level 1
Level 1

Hi

One of my IPS running well and viw event report in event viewer. but suddenly no event come in event viwer. at first i think corrupt the event viwer and install another pc but same result. My sensing interface up and management interface also up. when I excute show events 12:00:00 then event dispaly but when i excute only show events then no response. I already reboot it. but no result so what i take the step ?

thanks

2 Replies 2

mhellman
Level 7
Level 7

you are right to start by troubleshooting directly on the appliance.

"show events" starts from the current time, so no events may not show up right away. try:

# show events alert past 01:00

this will show alarms for the past hour. if you normally receive lots of alarms in a given hour, this should tell you something.

If you don't see any alarms (and in a given hour you normally would),

use the "packet display" command to verify that you are seeing all the traffic you should be seeing. Are you actually inline?

Hi

Its not inline. and when I give command packet display , then dispaly traffic.

Thanks

Biplob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: