Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Traffic Flow Notifications

Unable to get traffic flow notifications from and IPS Ver 5 sensor to show up in CSMARS. They are showing in the monitoring on the sensor, but never show up in CSMARS.

Is there something special that has to be done for these to be sent to CSMARS?

I realize that they are a different type of event, but they still should be able to be pulled into CSMARS for reporting and monitoring purposes.

For example, I want to set the Interface Idle Threshold at XX seconds. If for some reason there is no traffic coming across the sensing interface I want an event triggered in CSMARS.

Any thoughts?


Re: Traffic Flow Notifications

Yes the problem seems to be with traffic not reaching the sensor's interface. Please check that you are running trunking in the switch where the IDS is sniffing from. The switch must be replicating the traffic over to the vlan where the IPS is connected. Regarding the inline or promiscuous mode, promiscuous mode works fine and it will help with the testing. Much of it depends on thenetwork topology since in inline mode the traffic now runs through the IPS box.

CreatePlease to create content