How do you set up IP logging so that I can drill down more into the alarms? Also is this something that can be done all the time or is it only if i set it up per instance.
You need to enable it per signature. It saves to a file so you can view with Ethereal, sniffer, etc. Don't enable for too many signatures since it can fill the drive on the IDS sensor.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.