Cisco Support Community
New Member

Security Monitor for IDS Problem

Hi All,

I'm running Security Monitor 1.2 on CiscoWorks Common Services 2.2 with the latest Signature update (S65). When I select Monitor/Events/today's date, the alarms from yesterday are in the count as well. This has been happening for a while and it's very annoying. I would really appreciate it if someone can provide any insight. Many thanks in advance.

Damien

3 REPLIES
Cisco Employee

Re: Security Monitor for IDS Problem

Only thing I can think of is the time/date controls on the Event Viewer launch pad page refer to the time the event is *inserted* in the SecMon/MC database, not the time the event is generated on the Sensor. The date and time columns in the event viewer, however, correspond to the Sensor event generation times.

Could this explain the discrepancy? If there are delays from the time the event is seen by the sensor till that event is written into the SecMon database, then you'd get this happening.

Note that this will be fixed ultimately when we introduce the ability to apply generic "filters" to the event viewer.
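
Added example (not part of the original thread, and not Security Monitor code): a small Python sketch of the explanation above, showing how a "today" filter keyed on database insertion time pulls in alarms the sensor generated late the previous day. The event records, IDs, timestamps and field names are constructed for illustration.

```python
from datetime import datetime, date

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows: (event id, sensor generation time, database insertion time).
EVENTS = [
    (2001, "2003-11-03 22:15:07", "2003-11-03 22:15:30"),
    (2002, "2003-11-03 23:58:40", "2003-11-04 00:01:12"),
    (2003, "2003-11-03 23:59:55", "2003-11-04 00:03:48"),
    (2004, "2003-11-04 08:12:10", "2003-11-04 08:12:31"),
    (2005, "2003-11-04 14:40:02", "2003-11-04 14:41:00"),
    (2006, "2003-11-04 23:59:30", "2003-11-05 00:02:05"),
]

def load(rows):
    """Parse the constructed rows into dicts with datetime fields."""
    return [
        {"id": i,
         "generated": datetime.strptime(g, FMT),
         "inserted": datetime.strptime(s, FMT)}
        for i, g, s in rows
    ]

def on_day(events, day, field):
    """Events whose `field` timestamp falls on calendar day `day`."""
    return [e for e in events if e[field].date() == day]

def compare(events, day):
    """Contrast a day filter on insertion time with one on generation time."""
    ins_ids = {e["id"] for e in on_day(events, day, "inserted")}
    gen_ids = {e["id"] for e in on_day(events, day, "generated")}
    return {
        "count_by_inserted": len(ins_ids),
        "count_by_generated": len(gen_ids),
        # Listed under `day`, but the sensor raised them on another day.
        "carried_over": sorted(ins_ids - gen_ids),
        # Raised on `day`, but filed under another day by the filter.
        "filed_elsewhere": sorted(gen_ids - ins_ids),
        # Worst sensor-to-database delay, in seconds, across all events.
        "max_lag_seconds": max(
            (e["inserted"] - e["generated"]).total_seconds() for e in events
        ),
    }

if __name__ == "__main__":
    for key, value in compare(load(EVENTS), date(2003, 11, 4)).items():
        print(f"{key}: {value}")
```

The same comparison works in reverse: an alarm raised just before midnight shows up under the next day's filter, so a per-day count taken from the insertion-time view can both include stale alarms and omit recent ones.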

New Member

Re: Security Monitor for IDS Problem

Just curious, how many alarms do you get in a day?

New Member

Re: Security Monitor for IDS Problem

Tens of thousands including FP, but with all my filters in place, it averages ~two thousand.
