02-16-2004 06:14 AM - edited 02-20-2020 09:23 PM
How to find/define the "ACL Violation" TOC/Object (that is the "ACL Violation" handle is missing from my VMS MC IDS).
As I need the "ACL Violation" feature I hope someone can tell why its missing from the possible objects in the Sensor Configuration>Settings>TOC>Signatures> ?
My setup is as following:
CiscoWorks Common Services 2.2 with SP2
IDS MC 1.2 patch 3
Sensors Platform: IDS-4230 Version 4.1(3)S68
02-22-2004 07:02 PM
Any update on this? thanks.
02-22-2004 09:29 PM
The ACL Policy Violation signature are now handled by the "Service.Syslog" engine in version 4.x.
You need to create a custom signature based on the Service.Syslog engine and place the ip address of the router in the AclDataSource field and the name ofthe ACL in the AclFitlerName field:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swappa.htm#788774
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: