Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
0
Helpful
1
Replies

IPS event store

mj11
Level 3
Level 3

‎11-20-2008 01:11 AM - edited ‎03-10-2019 04:23 AM

Hi Netpros

I have upgraded an IPS to version 6.2(1)E3, I am now having issues with being able to retrieve events from my unit via RDEP, the problem is with the amount of data I am getting, I know after 5.0 the eventStore was fixed to about 30MB but I am not getting anywere near that. Does anybody know of any issues with this release.

Regards MJ

Labels:
0 Helpful
1 Reply 1

attmidsteam
Level 1
Level 1

‎11-20-2008 10:05 AM

Have you been watching the log to see how often it rotates? A default Cisco signature set is extremely noisy and on a busy sensor I've seen the eventstore rotate every 60-90 seconds. At those rates, RDEP/SDEE can only retrieve 500 or 1000 events per pull and it may not be fast enough.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card