Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1486
Views
4
Helpful
6
Replies

"ip audit" command not found

Go to solution
nocsertech
Level 1
Level 1

‎11-05-2016 03:00 AM - edited ‎03-10-2019 06:42 AM

Hi expert

I would like to configure IDS on my C7200 NPE-G1 to monitor my out bound traffic of my WS-C6504.

I tried to follow instruction here "IDS instruction". I am unable to apply the first command below. There are no such command. Is there anything I need to enable prior to this?

Thank you in advance for your help.

Router(config)#ip audit?
% Unrecognized command
Router(config)#ip audit

Router(config)#ip audit notify log
                               ^
% Invalid input detected at '^' marker.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎11-05-2016 06:42 AM

The implementation of IPS changed many times in the past. If your IOS is not really ancient, it's likely that the command is "ip ips ..." on your router.

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Karsten Iwen
VIP
VIP

‎11-05-2016 06:42 AM

The implementation of IPS changed many times in the past. If your IOS is not really ancient, it's likely that the command is "ip ips ..." on your router.

0 Helpful

Go to solution
nocsertech
Level 1
Level 1
In response to Karsten Iwen

‎11-05-2016 10:27 AM

Thank you for taking time to reply. I wish to use IDS instead of IPS. My goal is to have alert on suspicious traffic instead of blocking them. The reason is to avoid false positive and blocked good traffic.

I am considering using NPE-G1 or IDSM-2. My traffic to WAN is about 100mbps. 

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to nocsertech

‎11-05-2016 10:36 AM

It's the syntax that changed over time. You still have the possibility to operate in IDS or IPS mode. IDSM-2 is completely outdated. You should look at FirePower for up-to-date IPS/IDS.

0 Helpful

Go to solution
nocsertech
Level 1
Level 1
In response to Karsten Iwen

‎11-05-2016 11:28 AM

Noted the mode setting. Thank you for the valuable info.

Noted your recommendation of FirePower.

The intention is to have better monitoring on suspicious traffic especially for smtp spamming out from our network. Once alerted, we will investigate manually. Since we have 2 units of C7206 NPE-G1 in store sleeping do nothing, I planned to use them for IDS purpose.   

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to nocsertech

‎11-05-2016 11:54 AM

Also think about sending NetFlow data to a netflow collector. That will also show you when the behavior of your network changes. Probably it will give you more useful information than IDS in that case.

Go to solution
nocsertech
Level 1
Level 1
In response to Karsten Iwen

‎11-05-2016 12:02 PM

Thank you. Will study NetFlow to understand more.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card