Cisco Support Community
New Member

Single command to set "CapturePacket True" on ALL sigs?

Is there a single command to set "CapturePacket True" on ALL sigs? Or do I need to create a script to copy/paste that tells the IDS to capture packets for each signature one by one?

Thanks!

Jim

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Single command to set "CapturePacket True" on ALL sigs?

If you were running IPS v5, via IDM (https to the sensor directly) you would be able to "select all" signatures and enable "verbose alerts" which is the 5.x equivalent of "capture packet" in one action for all signatures.

Via IDM in 4.x (which judging by your question you're running) - no, can't do it. I forget if there's a way via IDSMC (part of the VMS package) to do this though - I seem to remember that there isn't.

4 REPLIES

New Member

Re: Single command to set "CapturePacket True" on ALL sigs?

Thanks for your help!

Gold

Re: Single command to set "CapturePacket True" on ALL sigs?

Wow, I can't imagine ever doing this on my network...what a mess that would create. Perhaps your network is not too busy though? We gave up on using CapturePacket even for a single sig a long time ago and just run tcpdump when we want to see traffic.

New Member

Re: Single command to set "CapturePacket True" on ALL sigs?

I work for a service provider. Some customers are more busy than others. But in all cases, we log everything for forensics.
