IDS MC v1.1

wkho · ‎12-02-2003

Can I use IDS MC v1.1 to manage both IDSMv1 and IDSMv2? I can setup all the IDSMs but when I try to look at the signatures, I see nothing for both IDSMv1 and v2. In addition, I do not see the filters that were setup on the IDSMv2.

Thanks

marcabal · ‎12-02-2003

Yes, IDS MC 1.1 should be able to manage both IDSM-1 and IDSM-2.

NOTE: I would recommend upgrading to VMS 2.2 with IDS MC 1.2. If you are running Solaris IDS MC I think you may need to upgrade to 1.2 for IDSM-2 support.

Things to check:

1) The IDSM-1 must be running 3.0(5) or later. Version 3.0(5) contained the SSH server needed for management by the IDS MC. It is best to be running 3.0(6) with the latest signature update.

2) The IDS MC itself will need to be updated with the same update to match the version loaded on the sensors. There are separate updates for IDSM-1 and IDSM-2 and both must be loaded on the IDS MC. For example, there is a version 3.0(6)S58 update for IDSM-1, and a 4.1(2)S58 update for IDSM-2. Both the updates would have to be installed on the IDS MC even though both are for S58.

3) When adding the sensor to the IDS MC there is an option for having IDS MC discover/download the current configuration of the sensor. Be sure the IDS MC has already been loaded with the same update as what is on the sensor, and then add the sensor and download the sensor's configuration. Everything should show up in the IDS MC for the sensor's configuration.

I've also been told that the IDS MC may also let you discover/download the current configuration of a sensor that was previously added. If you can find out how, you may want to try that as well.