Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
Gold

IPS status events not collected by CSMARS

Are there any plans to have CSMARS collect status events from Cisco IPS devices? For example, wouldn't it be nice to know if someone was running an HTTP brute-force against the web interface on the sensor? Or perhaps knowing when a SPAN has broken ("traffic flow notification" events). Seems like a no-brainer to me...what am I missing?

2 REPLIES
Silver

Re: IPS status events not collected by CSMARS

1. Log into the MARS GUI

2. Click on Admin > System Maintenance > Set Runtime Logging Levels

3. Change the level to INFO for all processes other than pnids40_srvpnids50_srv

4. For these 2 processes, change the logging level to TRACE

5. Click on 'Change Logging Levels

Gold

Re: IPS status events not collected by CSMARS

Thanks for your reply.

This only effects "back-end" logging correct? The status events still won't show up in the CSMARS GUI as events that can have rules applied to them? If this is true, then this is not very useful to me.

94
Views
0
Helpful
2
Replies
CreatePlease to create content