Cisco Support Community

New Member

Reporting and Alert Querying

I'm just getting started with my IDS/IPS SSM-20 module. I'm looking for some reporting and querying capabilities for it. Is there a function or ability within the IDM 5.1 application, or even if I upgrade? Is it possible to look for all alerts for a particular IP address or a specified signature? Can I generate a report on how many attacks were mitigated?

Any help would be appreciated.

3 REPLIES
ovt Bronze

Re: Reporting and Alert Querying

Both IDM and "show events alert" have very basic querying capabilities. The only thing you can do is to mark some signature with "traits" code and show alerts fired by this signature with:

sensor# sh events alert include-traits ?

<0-15> Traits to include in the show events output.

Try IDS Event Viewer. IEV is a free tool that can be downloaded from the Cisco website. But it is very limited too. The primary Cisco product for viewing/reporting is the Cisco MARS. But it is expensive...

New Member

Re: Reporting and Alert Querying

I was afraid of that. Even though I'm looking into MARS, I hate to have my decision tied to improving the functionality of a product I already have.

Bronze

Re: Reporting and Alert Querying
