Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can the IDSM log any info?

I need a MAC address for this msg coming from my IDSM (old version):

Event Date/Time: 2003/01/20 - 11:59:27

Source: Destination:

SigID:SubSigID: 1104:0 SigName: IP Source Address Localhost MsgCount: 451


Re: Can the IDSM log any info?

The IDS can log information. Logging of security information is performed on two levels: logging of events (such as IDS commands, errors, and alarms), and logging of individual IP session information.

The loggerd is responsible for writing error, command, and alarm entries to log files on the Sensor/IDSM.

I guess you would need to run the daemon. I am not sure about the MAC address from the message.

Cisco Employee

Re: Can the IDSM log any info?

This is where the differences between the IDS Module for the Cat 6000 and the IDS-42xx appliances can be seen. The sensors do not place MAC Address information in the generated alarms. So to see MAC address information you would need to be able to see the actual packets. The IDS Module does not provide a method for logging the binary packet for the user to look at. The IDS-42xx appliances have an IP LOG feature that logs the binary packets in a libpcap format that can be read with tcpdump or ethereal.