I have an IDS 4210 and a CSPM 2.3i configured. In the event viewer of the CSPM I can only see information about route status up or down, but I cannot get any reports of activity (most active users, most active web site, etc.).
I have already tested "nrstatus", "snoop -d iprb0", and "nrconns", and everything seems to be fine.
My configuration is through a PIX 515. Is there something special I have to do to get these reports?
You can see the traffic at the sensor but no alarms via the event viewer? Is that right? If so, there is a box where you enter the interface that is doing the snooping. I think it is in the sensor area of CSPM, says something like /dev/spwra or something (sorry, moved on to IDS MC) but I had the same issue with the 4235. Make sure it is watching the correct interface on the sensor for traffic.
I found that the sensor was monitoring the other interface and I already fixed it.
I didn't know that the user activity reports and web reports were exclusively for the syslog messages coming from the routers or firewalls, so this is not an issue and I should use CSPM 3.0 to get these kinds of reports.
I was wondering why you have to use another box to get these reports. If you have some alternatives please let me know.