432 Views, 0 Helpful, 1 Reply

One of our customer's questions on the IPS alarm

arumugasamy
Level 1

Dear

I am not getting the right answer. I am not asking about the signature but I am asking how to include the action taken by the IPS into the alarm email sent to us, so we know what action was taken by the IPS regarding this signature. Currently, the IPS sends the following email:

Date= 2007/02/16

Time= 22:44:13 Arab Standard Time

SIGID= 5081:0

5326:0

SIGNAME= WWW WinNT cmd.exe Access

Root.exe access

Victime= 193.188.x.x

AttackerAddress= 211.136.x.x

Which does not contain the ACTION.

1 Reply

qmccallum
Level 1

I just got off a conference call with several Cisco technical/managerial folks about this very issue. I, too, want to know what the IPS did with the traffic and if it passed it, I want to know why.

I was told a couple of folks I spoke with monitor this forum closely and should respond to you.

Here is what I understood:

1) One of the attendees is checking/confirming that this information is still being outputted by the IPS device. The client (VMS, IEV, MARS).

2) There is a bug that prevents this information from being included in SNMP traps.

Thanks,

Quentin
