01-20-2003 11:15 AM - edited 03-09-2019 01:45 AM
I need a MAC address for this msg coming from my IDSM (old version):
Event Date/Time: 2003/01/20 - 11:59:27
Source: 127.0.0.1:0 Destination: 255.255.255.255:0
SigID:SubSigID: 1104:0 SigName: IP Source Address Localhost MsgCount: 451
01-24-2003 09:57 AM
The IDS can log information. Logging of security information is performed on two levels: logging of events (such as IDS commands, errors, and alarms), and logging of individual IP session information.
The loggerd is responsible for writing error, command, and alarm entries to log files on the Sensor/IDSM.
I guess you would need to run the daemon. I am not sure about the MAC address from the message.
01-24-2003 11:41 AM
This is where the differences between the IDS Module for the Cat 6000 and the IDS-42xx appliances can be seen. The sensors do not place MAC address information in the generated alarms. So to see MAC address information, you would need to be able to see the actual packets. The IDS Module does not provide a method for logging the binary packet for the user to look at. The IDS-42xx appliances have an IP LOG feature that logs the binary packets in a libpcap format that can be read with tcpdump or Ethereal.
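The following is an added example, not part of the thread and not Cisco code: a Python reader for a libpcap file, such as an IP log from an IDS-42xx appliance, that lists the source MAC of every frame whose IP source is in 127.0.0.0/8, the condition signature 1104 reports. The function names are hypothetical, the sample capture is constructed, and an Ethernet link type is assumed.

```python
import ipaddress
import struct

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # source range signature 1104 reports
ENDIAN = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian usec/nsec
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian usec/nsec

def loopback_source_macs(pcap: bytes):
    """Return (src_mac, src_ip, dst_ip) for every IPv4 frame sourced from 127.0.0.0/8."""
    endian = ENDIAN.get(pcap[:4])
    if endian is None:
        raise ValueError("not a libpcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:       # 1 = Ethernet link type
        raise ValueError("capture has no Ethernet headers, so no MAC addresses")
    hits, off = [], 24                                          # records follow 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:            # skip one 802.1Q VLAN tag
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20:         # IPv4 with full header only
            continue
        src = ipaddress.ip_address(frame[l3 + 12:l3 + 16])
        dst = ipaddress.ip_address(frame[l3 + 16:l3 + 20])
        if src in LOOPBACK:
            hits.append((frame[6:12].hex(":"), str(src), str(dst)))
    return hits

def sample_capture() -> bytes:
    """Constructed two-frame capture; the MACs and 192.0.2.x addresses are made up."""
    def frame(src_mac, src_ip, dst_ip):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                         ipaddress.ip_address(src_ip).packed,
                         ipaddress.ip_address(dst_ip).packed)
        return b"\xff" * 6 + bytes.fromhex(src_mac) + b"\x08\x00" + ip
    frames = [frame("001122334455", "127.0.0.1", "255.255.255.255"),
              frame("00aabbccddee", "192.0.2.10", "192.0.2.20")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for mac, src, dst in loopback_source_macs(sample_capture()):
        print(f"{src} -> {dst} sent by MAC {mac}")
```

The source MAC in a captured frame identifies the last layer-2 hop on the monitored segment, which may be a router or switch interface rather than the host that originated the packet.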