Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
926
Views
0
Helpful
1
Replies

Help with IME 7.1 and store events

Alvaro Perez Unzueta
Level 1
Level 1

‎09-01-2011 04:11 PM - last edited on ‎03-25-2019 05:20 PM by Community Manager

Hello,

I have a trouble with an IPS 4270, I have configured the IPS in inline mode with policy action sg0 with log all permit (packet, atack, victim). I wan to store the events in the external server or I want to see in the IME 7.1, but I can not see this events. How i can configure the IME to i see this events and generate reports. I have seen in Cisco Guide, but I havent understand.

Sorry form y english.

Regards,

Álvaro

Labels:
0 Helpful
1 Reply 1

Dustin Ralich
Cisco Employee
Cisco Employee

‎09-06-2011 07:45 AM

Hello Alvaro.

I have configured the IPS in inline mode with policy action sg0 with log all permit (packet, atack, victim).

If you mean you have configured an EAO (Event Action Override) set to add the Log Attacker Packets, Log Victim Packets, and Log Pair Packets Actions: This will almost certainly result in your sensor becoming oversubscribed, unresponsive, etc. Please review the section of this document regarding this.

I want to see in the IME 7.1, but I can not see this events. How i can configure the IME to i see this events

You can download copies of the IP Log file(s) present on the sensor from within IME from the Configuration tab > Sensor Monitoring > Time-Based Actions > IP Logging section. Each IP Log file has an associated "Alert ID" that corresponds with the event/Alert that generated it.

The Alerts themselves can be reviewed via IME's Event Monitoring tab.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card