I did a simple setup in my lab. IDS version is 3.1. I placed my sensor at the 192.168.1.100 address and one more machine as my IEV host. I installed IEV on that machine, which is the event destination. I got my connection established to the sensor. In the event view I got a "route up" alarm. Though my connection is complete, I could not get any alarm apart from route up and route down (because I tried moving my monitoring interface cable). I tried adding the internal network in the IDM manager, but it's still not detecting any kind of attack. I tried lots of IIS exploit attacks and an ICMP flood attack. What am I missing?
I checked the status of the sensor and the process it's running. I tried restarting the sensor; it did not help.
Re: IDS not functioning. No events generated in IEV
How do you initially configure the sensor?
If you run nrconns, is there a process nr.packetd running?
If nr.packetd is running then check and see if any alarms are being generated in the /usr/nr/var/log.* file.
If nr.packetd is not running then keep reading below:
When configuring the sensor you use sysconfig-sensor.
Option 6 is for setting up the communication parameters.
During option 6 you will be asked the following question:
"Will IDM (WEB based Intrusion Detection Device Manager) be used
to configure the sensor (y/n)"
Answering "n" to this question prompts you for the IDS manager's hostid, orgid, etc., BUT will not start nr.packetd. The IDS manager will have to push a new configuration which starts nr.packetd. The only IDS managers that can do this are CSPM, Unix Director, and IDS MC. If you are using IEV and configuring with IDM then do not answer "n" to this question.
Answering "y" to this question will start up nr.packetd. This is what you want if using IEV. Then you need to follow the instructions in the user's guide for how to configure the sensor THROUGH IDM to talk with the IEV.
I would recommend following the steps from the following link: