Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
592
Views
0
Helpful
6
Replies

Alerts

prashantrecon
Beginner
Beginner

‎11-27-2012 06:28 AM - edited ‎03-10-2019 05:50 AM

Hi All,

I have tunned signatures for u torrent to get alerts on ips.

Used utorrent on pc  to download software but still i am not receving any events on ips.

What may be the issue.Ping and traceroute works fine from pc to ips.

Can anyone guide to tune basic signature to get alerts on ips?

Labels:
0 Helpful
6 Replies 6

Julio Carvajal
Advisor
Advisor

‎11-28-2012 05:49 PM

Hello Prashant,

Do you get events with ICMP traffic?

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

prashantrecon
Beginner
Beginner
In response to Julio Carvajal

‎11-28-2012 08:39 PM

Hi ,

By default in IPS icmp echo reply and echo request signature is disable.

i getting only events related to global correlation.(curreltly i am not using global correlation , i have not configured it)

Regards,

Prashant

0 Helpful

Julio Carvajal
Advisor
Advisor
In response to prashantrecon

‎11-29-2012 08:45 AM

Hello Prashant,

By default in IPS icmp echo reply and echo request signature is disable.

Exactly so why dont you enable it and set it to generate an alert so you can see them??

I mean I dont think I understand your question is this is not what you are looking for!!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

prashantrecon
Beginner
Beginner
In response to Julio Carvajal

‎11-29-2012 07:59 PM

Actually my issue is that for example if i enable the Echo reply and echo request signature and when i ping to any website or ip i am not getting any alert on my ips.

and also if i am looking for last 72 hours events in cisco ASDM for ips i am not getting any events except ""

A global correlation update failed: openConnection: ""

About 15 days before i am able to see last 24 hours events(example dos attacks)

any clue why there is no events generating in IPS.

Regards,

Prashant

0 Helpful

Julio Carvajal
Advisor
Advisor
In response to prashantrecon

‎12-01-2012 11:39 PM

Can you share the running configuration for that particular signature, or take some captures related to the signature configuration and post it here.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

prashantrecon
Beginner
Beginner
In response to Julio Carvajal

‎12-02-2012 08:25 PM

Hi,

let take a example echo reply and echo request .

Can you help me to take capture and running cofig for above mention signature.

Reagrds,

Prashant

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents