Basic IPS Question

Hi All,

I have my AIP-SSM set up working with my 5520 ASA, and the device is passing packets, but how do I actually confirm it is doing what it is supposed to? I can see that it is processing packets, but I can see no way of verifying what it is doing with them.

Sorry for the basic question, first time working with one.


Thanks,


Dan

SEP-IPS-01# sh statistics virtual-sensor vs0
   Statistics for Virtual Sensor vs0
      Name of current Signature-Defintion instance = sig0
      Name of current Event-Action-Rules instance = rules0
      List of interfaces monitored by this virtual sensor = GigabitEthernet0/1 subinterface 0
      General Statistics for this Virtual Sensor
         Number of seconds since a reset of the statistics = 797757
         MemoryAlloPercent = 44
         MemoryUsedPercent = 41
         MemoryMaxCapacity = 500000
         MemoryMaxHighUsed = 2818519
         MemoryCurrentAllo = 221878
         MemoryCurrentUsed = 207832
         Inspection Load Percentage = 0
         Total packets processed since reset = 265111
         Total IP packets processed since reset = 265111
         Total IPv4 packets processed since reset = 265111

1 REPLY
Cisco Employee

One thing you can do occasionally is use the show event alert command to see what kinds of alarms the IPS is generating and what it is doing with these alarms. Depending on the level of information you want, you may need to configure your IPS to produce alerts or verbose alerts.

For instance:

show event alert past 01:00 will list all events from the last hour.
