
Configuring signature through IPS Manager in CSM3.0

rkumares
Cisco Employee

I was trying to customize a signature with IPS Manager in CSM3.0. Any change made in CSM3.0 is only displayed in the window; it looks like it is not being applied to the IDSM2, which has IPS v5.1. If I make the same change to the IDSM2 through IDM, it works fine.

This is how I am testing: I just changed the sev level (low to high) on one of the built-in signatures (say 2100 sweep) from the IPS Manager in CSM3.0. Then, when traffic triggers that signature, the IPS Event Viewer still shows the sev level as "low" only.

But if I make the same change through IDM, I can see the sev level as "high" in the IPS Event Viewer 5.0.

I also have 2 x 6500 with a single IDSM2 on both switches. I could add only one IDSM2 to IPS Manager (via DCR in Common Services) and the other one I could not. Any suggestions, please?

2 Replies

a-vazquez
Level 6

Make sure that IOS IPS Sensor is configured. Make sure the username used for HTTP access and configured in IPS Manager for SDEE access is configured for privilege 15 in the ACS server.

Hi, thanks for your response. The IPS sensor is configured. I use the same username/password with priv15 through IDM as well.

Here is the Problem Summary:

============================

We are using CSM3.0 for managing IDSM2 modules and we are having the following difficulties:

I. Adding new IDSM2 sensor module into CSM3.0 through IPS

II. Customization of any signature

I. Adding new IDSM2 sensor module into CSM3.0 through IPS

We followed the procedure below to add the IDSM2 modules:

1. Go to CCS, Device Credentials, select the type as Cisco service modules and give the device credentials such as IP address, username/password, etc.

2. Go to IPS Manager; under the Device tab we could see that the IDSM2 module has been added. Then go to the sensor group and re-import it. It works fine, i.e. we could add it and see it in IPS Manager.

Note: The 1st sensor was successfully added, whereas the 2nd sensor could not be added in IPS.

3. We could see that the same has been added into Common Services. But when we look in IPS Manager under Device sensor or sensor group, we could not see the IDSM2 module.

Only the 1st sensor is shown in the IPS window. So we could not re-import the second sensor into the specified group (the group is the same as for the 1st sensor).

II. Customization of any signature:

We followed the above procedure (as per I, steps 1 to 2) to add the IDSM2 modules.

Note: The 1st sensor was successfully added, whereas the 2nd sensor could not be added in IPS.

1. Go to Configuration, select the IPS signature 5.1, and apply some changes, like:

Changing the sev level from "low" to "high" for one of the built-in signatures (ID 2100) by tuning. The changes appear in the CSM IPS console, but they are not applied to the IDSM module. After this change, if the signature triggers, IEV should show the changed level "high". But the IEV still shows the old level for signature ID 2100 as "low" only. The main screen under the Device tab still shows that configuration as pending, i.e. it looks like the changes made in CSM/IPS Manager are not applied to the IDSM2 module.

Note: If we make the same changes using IDM, it behaves as expected, i.e. IEV shows the sev level for the tuned signature ID (2100) as "high".

Please suggest what we are missing.

Here are the details about the modules

Module: IDSM2 module

Ver: 5.1(1)S229.0V1.0

CSM : 3.0

IEV: 5.1.1
