Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Collecting IPS Error Events and Status Events in CS-MARS

Does anybody know how to collect either the "Error Events" or the "Status Events" from 4200 series IPS devices in CS-MARS? The only events that seem to be collected by CS-MARS are the "Alert Events".

1 REPLY
Silver

Re: Collecting IPS Error Events and Status Events in CS-MARS

You can use the show events command to view the alerts generated by SensorApp and errors generated by an application

• evError-Application errors

• evStatus-Status changes, such as an IP log being created

The show events command is useful for troubleshooting event capture issues in which you are not seeing events in Event Viewer or Security Monitor. You can use the show events command to determine which events are being generated on the sensor to make sure events are being generated and that the fault lies with the monitoring side.

158
Views
0
Helpful
1
Replies