Can the IDSM log any info?

dlac455
Level 1

I need a MAC address for this msg coming from my IDSM (old version):

Event Date/Time: 2003/01/20 - 11:59:27

Source: 127.0.0.1:0 Destination: 255.255.255.255:0

SigID:SubSigID: 1104:0 SigName: IP Source Address Localhost MsgCount: 451

fmeetz
Level 4

The IDS can log information. Logging of security information is performed on two levels: logging of events (such as IDS commands, errors, and alarms), and logging of individual IP session information.

The loggerd is responsible for writing error, command, and alarm entries to log files on the Sensor/IDSM.

I guess you would need to run the daemon. I am not sure about the MAC address from the message.

This is where the differences between the IDS Module for the Cat 6000 and the IDS-42xx appliances can be seen. The sensors do not place MAC Address information in the generated alarms. So to see MAC address information you would need to be able to see the actual packets. The IDS Module does not provide a method for logging the binary packet for the user to look at. The IDS-42xx appliances have an IP LOG feature that logs the binary packets in a libpcap format that can be read with tcpdump or ethereal.
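
The reply above notes that the IDS-42xx IP LOG output is in libpcap format. As an added example (not part of the original thread), the Python code below reads a classic libpcap file and returns the source MAC address of each Ethernet/IPv4 frame whose source IP is in the loopback range 127.0.0.0/8, as in the alarm quoted in the question. The function names and the two-frame sample capture are constructed for illustration, and untagged Ethernet (no 802.1Q header) is assumed.

```python
import ipaddress
import struct

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def loopback_source_macs(pcap_bytes):
    """Return (src_mac, src_ip, dst_ip) for frames whose IPv4 source is loopback."""
    # Classic libpcap magic as stored on disk: little- or big-endian writer.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    hits, off = [], 24                      # the global header is 24 bytes
    while off + 16 <= len(pcap_bytes):      # each record header is 16 bytes
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need 14 bytes of Ethernet plus 20 of IPv4; skip non-IPv4 and short frames.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src_ip = ipaddress.ip_address(frame[26:30])
        if src_ip in LOOPBACK:
            mac = ":".join(f"{b:02x}" for b in frame[6:12])
            hits.append((mac, str(src_ip), str(ipaddress.ip_address(frame[30:34]))))
    return hits

def _frame(src_mac, src_ip, dst_ip):
    # Constructed Ethernet + minimal IPv4 header (no payload, checksum left 0).
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip

def sample_capture():
    # Constructed two-frame capture: one spoofed-loopback frame, one normal frame.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame("00:11:22:33:44:55", "127.0.0.1", "255.255.255.255"),
              _frame("00:aa:bb:cc:dd:ee", "192.0.2.10", "192.0.2.255")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for mac, src, dst in loopback_source_macs(sample_capture()):
        print(f"{src} -> {dst} sent from MAC {mac}")
```

The MAC reported is that of the last layer-2 hop on the monitored segment, so if the traffic crossed a router it identifies the router interface rather than the originating host.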