Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VMS IDS MC ACL Violation

How to find/define the "ACL Violation" TOC/Object (that is the "ACL Violation" handle is missing from my VMS MC IDS).

As I need the "ACL Violation" feature I hope someone can tell why its missing from the possible objects in the Sensor Configuration>Settings>TOC>Signatures> ?

My setup is as following:

CiscoWorks Common Services 2.2 with SP2

IDS MC 1.2 patch 3

Sensors Platform: IDS-4230 Version 4.1(3)S68

2 REPLIES
New Member

Re: VMS IDS MC ACL Violation

Any update on this? thanks.

Cisco Employee

Re: VMS IDS MC ACL Violation

The ACL Policy Violation signature are now handled by the "Service.Syslog" engine in version 4.x.

You need to create a custom signature based on the Service.Syslog engine and place the ip address of the router in the AclDataSource field and the name ofthe ACL in the AclFitlerName field:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swappa.htm#788774

244
Views
0
Helpful
2
Replies