Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Alarms set to information don't show up in the Event Viewer

I enabled TCP Connection Signature (Connection request- ftp) and set the severity to "Information" but no alarms appear on the Event Viewer. Should I not be getting these alarms?

When I set the severity level to low I do get the alarms.

Thanks in advance.

Chris

1 REPLY
Cisco Employee

Re: Alarms set to information don't show up in the Event Viewer

Do the following:

1) Check the destination entry for your Event Viewer. Ensure that the sensor is configured to send Informational alarms to the Event Viewer. It could be that it is configured to only send Low level or higher alarms.

2) Check the severity level for the 3000 signature. Set the severity level of this signature to the highest severity level being set for any of your TCP Connection SIgnatures. Severity the 3000 signature severity level too low could turn off all of the TCP Connection signatures.

The Line to look for in packetd.conf is:

SigOfGeneral 3000 0 x x x x x

where x is the severity number.

82
Views
0
Helpful
1
Replies
CreatePlease to create content