Tuned Sigs in IDS MC not Showing up in Event Viewer
On the IDS MC I turned down a signature (MSSQL) from high to low because of its great numbers. I saved the pending config, generated it and deployed it. I could not verify it was deployed because the reports came back blank when I did an audit log. However, after rebooting the MSSQL sig was tuned down to low on the IDS MC. When I opened the event viewer (using a time after the config change) it still showed the MSSQL as a high alarm and all of the alarms, almost a thousand a second.
Did I miss a step somewhere? Why is the reporting tool coming back blank? Why isnt the Monitoring Center using tuned signatures?
Re: Tuned Sigs in IDS MC not Showing up in Event Viewer
I am not sure why IDS MC would report back blank reports.
But as for the alarms themselves there are 2 things to consider.
1) Tuning the alarm in IDS MC will not affect alarms that were previously generated.
Look at the time in the alarms on the Monitoring Center to see when they were generated.
If they are old alarms then you will just need to delete them.
2) The configuraiton in IDS MC is not a Monitoring Center configuration, but rather a sensor configuration. So the next thing to check is whether or not your configuration change in IDS MC made it to the sensor.
Login to the sensor's CLI and type "show config".
Look through the configuration for the signature you've tuned and make sure the severity was downgraded to Low.
If you can't find the configuraiton change in show configuration then it is possible that the configuration change was not pushed from the IDS MC to your sensor.
Try depoying the IDS MC configuration again, and then check the sensor configuration to ensure it was updated.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :