Cisco Support Community
New Member

IDS Shunning Notification

Hi,

I'm using CSPM 2.3.3i to manage an IDS sensor 3.1 with an IOS router to block malicious attacks (shunning), but how can CSPM be configured to send a notification to the administrator, telling them what IP address(es) were blocked by the ACL at that moment? And can I also generate it from the CSPM report? Thanks

Any feedback would be appreciated.

Regards, Dennis

2 REPLIES
Cisco Employee

Re: IDS Shunning Notification

Unfortunately CSPM doesn't provide any notifications that an IP address was shunned, simply because shunning is carried out by the sensor, not by CSPM. The only place to get a listing of what was shunned is by going through the log file on the sensor itself and searching for the shun keyword. The sensor is a UNIX file system so you can grep all these lines out of the log file on a regular basis or whatever suits you best.

Log file is /usr/nr/var/log.$DATETIME, which is regularly copied and written to /usr/nr/var/new/log.yyyymmddhhmm.
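
The periodic grep described in the reply above, as an added example that is not part of the original thread or any Cisco tooling. It reports each rotated log file once and lists the distinct addresses on the matching lines. The state file, function names and sample log lines are assumptions made for illustration (the real sensor log format is not shown on this page), and it assumes a grep that supports `-o` and `-E`.

```shell
#!/bin/sh
# Added example: report new "shun" lines from rotated sensor logs.
# The log.* naming and the "shun" keyword come from the reply above; the
# state file and the sample lines below are constructed for illustration
# and do not reproduce the real sensor log format.

# shun_report LOGDIR STATEFILE
# Prints every line containing "shun" from rotated log files that have not
# been reported yet, then records those files in STATEFILE.
shun_report() {
    logdir=$1; state=$2
    [ -f "$state" ] || : > "$state"
    for f in "$logdir"/log.*; do
        [ -f "$f" ] || continue                     # no rotated logs yet
        grep -qxF -- "$f" "$state" && continue      # already reported
        grep -i 'shun' "$f" | sed "s|^|$(basename "$f"): |"
        echo "$f" >> "$state"
    done
}

# shun_ips: read report lines on stdin, print unique IPv4-looking strings.
shun_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# make_sample_logs: build a temp directory of constructed log files so the
# script runs offline; prints the directory name.
make_sample_logs() {
    d=$(mktemp -d)
    printf '%s\n' 'constructed line: alarm from 192.0.2.10' \
                  'constructed line: shun applied to 192.0.2.10' \
                  'constructed line: SHUN applied to 198.51.100.7' \
                  > "$d/log.200201010000"
    printf '%s\n' 'constructed line: shun applied to 192.0.2.10' \
                  > "$d/log.200201010100"
    echo "$d"
}

# Demo on the constructed data: prints the two distinct shunned addresses.
demo_dir=$(make_sample_logs)
shun_report "$demo_dir" "$demo_dir/.reported" | shun_ips
rm -rf "$demo_dir"
```

Run from cron with the log directory set to /usr/nr/var/new, the output of `shun_report` can be piped to whatever mailer the host provides.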

New Member

Re: IDS Shunning Notification

Hi Glenn,

Thanks for your response.

But may I know whether it can do that in VMS, or in the future version IDS v4?

Regards,

Dennis.
