I have a very basic question. We have a 4250 IDS running version 4.1. I use IDS Device Manager to configure the IDS. My question is: What is an Event Filter? Once you create an Event Filter, what happens to the traffic that matches the filter? Is that traffic ignored or is it specifically looked upon?
If "Exception" is set to False then the line will attempt to Exclude the alarms matching the other paramaters.
If the "Exception" is set to True, however, then it overrides any fitlers where Exception was set to False that match the same alarm. So "Exception" set to True acts as an Include over riding the Excludes for those alarms.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...