Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
181
Views
0
Helpful
2
Replies

IDSMC and Monitor Ideas

paulhignutt
Level 1
Level 1

‎01-05-2004 11:06 AM - edited ‎03-09-2019 06:02 AM

How many of you have had problems getting IDSMC (particulary), to just plain work at all. It seems with me that everytime I get it working if I make any change it all, it just falls apart. Does anyone know of a good place to start learning how this software is SUPPOSED to work? And all the little quirks/ins and outs of this system? I have 14 sensors 4.x and 3.x that I'm responsible for and I'm getting stressed trying to keep this afloat.

Thanks

Paul

Labels:
0 Helpful
2 Replies 2

umedryk
Level 5
Level 5

‎01-08-2004 07:38 AM

You can get the requiered info from this link:

http://www.cisco.com/en/US/products/sw/cscowork/ps3990/prod_release_note09186a00800e4966.html

0 Helpful

5mlattimore
Level 1
Level 1

‎01-12-2004 04:26 PM

Paul,

I had some issues the first couple installs and then was told that I couldnt mix n' match 3.x and 4.x sensors with the MC so I stuck with 3.x

After opening a TAC case to resolve sensor communication errors (they couldnt figure it out either) I reinstalled again and it started working -

The issue I have seen has been with worm alarms ala Nachi-

The sheer number of alarms (even tweaking the signature to fire on GlobalSumamrize doensnt help ) overwhelms the Security Monitor rendering it useless.

We had to turn off the Nachi alarms (so whats the point of having the IDS if it cant handle alarms) and lose visibility.

We are looking at other products- one of which handled 17 million nachi alarms in a 24 hr period successfully- and the Security Monitor was brought to its knees.

We tried running the MC/SecMon on VMWARE with 4gb ram and 2 CPUS and both CPUS run at 85% utilization with 14 3.x sensors reporting to it.

The verdict is not good.

Cisco should be listening...

maybe if you can report your specific issues someone here will be able to recognize it and give you a workaround.

I certainly have seen it break a lot and have loads of reinstall experience.

You running the latest VMS 2.2 and IDSMC 1.2?

Let me know how I can help you.

Good luck

Mike

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents