Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internal network setting for Security monitor

I've setup my internal networks for each of my sensors but when viewing reports the events are still showing up as OUT (external) when they should be IN (internal). Anything else I need to do besides annotate the IPs in MC IDS? I've rebooted all the devices including the VMS server. My filters don't work at all if the internal networks aren't recognized.. I've tried using an IP range as well as a network w/mask. Thanks for the help.

2 REPLIES
New Member

Re: Internal network setting for Security monitor

Any update on this ?

Cisco Employee

Re: Internal network setting for Security monitor

First thing to verify is that the configuration you've entered through IDS MC is making it onto the sensor.

Login to the sensor CLI.

Execute:

configure terminal

service alarm-channel-configuration virtualAlarm

tune-alarm-channel

systemVariables

show settings

You should see the list of addresses in your show settings output.

If they don't show up, then check your IDS MC. Verify that the IDS MC pushed the configuration without any errors.

If the addresses do show up then exit back to the main CLI mode.

Then execute "show events alert".

Look at the events reported by the CLI to verify if the addresses are being properly marked in the CLI.

If they are being properly marked in the CLI then your configuration is correct. Reverify what is being seen in Security Monitor.

If they are being marked as OUT in the CLI then are you willing to paste examples in a response?

We would need the output from "show settings" and a copy of the alert from the "show events alert" output.

I can take a look to see if there may be a configuration error that is not being detected, or if we have a sensor bug.

255
Views
0
Helpful
2
Replies
CreatePlease login to create content