Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Tuning so IP(s) log but never alert

Version 4.1(5). Is there a global way to tune by IP(s) such that the IP(s) continue to show up, but never alert? Example, for IP 10.0.0.1 I want no alerts for any signature, but want to see the events.

2 REPLIES
New Member

Re: Tuning so IP(s) log but never alert

Can you clarify by what you mean in terms of Alert and Event? I believe an Alert is a classification of event. So you can have non Alert type events which are more geared with the system events rather than signature alerts.

If you mean you want to recieve the alerts but not have them show up in the monitoring console, you can control this on via filters on the monitoring station.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap6.htm#wp604198

You can also tune signatures and control what criteria (like IP Address) the signatures will or will NOT alert on.

Here is a link with a sample: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#wp31156

New Member

Re: Tuning so IP(s) log but never alert

Clarification: Say for network 10.0.0.0/24 I would want ALL the events for that network to be logged, but not have them show up on the monitoring console. For network 10.0.0.1/24 I would want selected events to be logged and have them show up on the monitoring console.

From your answer it appears that this would be done at the monitoring console and not on the sensor itself or a combination of both?

136
Views
0
Helpful
2
Replies