Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
543
Views
0
Helpful
2
Replies

VMS IDS MC ACL Violation

g.schaarup
Level 1
Level 1

‎02-16-2004 06:14 AM - edited ‎02-20-2020 09:23 PM

How to find/define the "ACL Violation" TOC/Object (that is the "ACL Violation" handle is missing from my VMS MC IDS).

As I need the "ACL Violation" feature I hope someone can tell why its missing from the possible objects in the Sensor Configuration>Settings>TOC>Signatures> ?

My setup is as following:

CiscoWorks Common Services 2.2 with SP2

IDS MC 1.2 patch 3

Sensors Platform: IDS-4230 Version 4.1(3)S68

Labels:
0 Helpful
2 Replies 2

nikhil_m
Level 1
Level 1

‎02-22-2004 07:02 PM

Any update on this? thanks.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to nikhil_m

‎02-22-2004 09:29 PM

The ACL Policy Violation signature are now handled by the "Service.Syslog" engine in version 4.x.

You need to create a custom signature based on the Service.Syslog engine and place the ip address of the router in the AclDataSource field and the name ofthe ACL in the AclFitlerName field:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swappa.htm#788774

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents