cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
411
Views
0
Helpful
1
Replies

Monitoring AIM-IPS-K9 and AIP-SSM-10

mdreelan
Level 1
Level 1

Does anyone have any tips on monitoring the IPS devices for being up, healthy, not-in-bypass, and running normally, I had five of them fail after the E3 upgrade (one is still tweaked due what TAC has identified as a corrupt license issue). Although CSMARS 6.0 lists some unreachable devices once daily, it has all devices in the list making it less that useful information, but that is a different question.

AIM-IPS-K9: 19 ea.

AIP-SSM-10: 3 ea.

1 Reply 1

rhermes
Level 7
Level 7

Cisco had orginally planned to add a "keep alive" signature to 6.0. but that feature got dropped. The intent was to fire off a signature every few mins as long as the sensor was seeing valid traffic. The absence of seeing this signature should trigger some attention to a downed sensor.

You can write a custom sig, but you have to be able to detect the loss of that event to be of value.

Review Cisco Networking for a $25 gift card