Cisco Support Community

New Member

IDS version 4.0 and IP Logging

Hi,

I'm testing version 4.0 and I've created some signatures with the log feature as action.

1) How do I delete old iplog files? Under IDM and under CLI?

2) I haven't found any way to see IP log sessions directly under IDS MC (does one exist?). It's still a two-step approach where you need to download it from the sensor and then open Ethereal. It's not really integrated into IDS MC. Suggestion for a future version: a click on a specific alarm in IDS Mon Center->Event Viewer (with a particular log icon). IDS MC retrieves the log (either locally from the DB or on the sensor) and opens Ethereal.

thanks

1 REPLY
Cisco Employee

Re: IDS version 4.0 and IP Logging

There is currently no method for deleting iplogs on the sensor.

The sensor has a preset list of file handles/space to use for iplogs.

When all of the file handles/space have been used, it will automatically delete the oldest iplog in order to write the new one.

So the user does not need to delete iplogs to keep the sensor in running order.

We have, however, received the usability enhancement request to clear the list of current iplogs in order to make it easier for the user to see the new iplogs without having to look through the list of old iplogs. (The old iplogs might remain on the system, but would no longer show up in the iplog-status report.) I am not sure if / when this feature may be added to the product.

The VMS Security Monitor team is also aware of the request to be able to view iplogs directly through the Security Monitor (or at least start Ethereal for a particular iplog for the designated alarm). They have not had time to implement this feature as of yet.
