08-02-2005 08:40 AM - edited 03-10-2019 01:34 AM
I see other postings asking about configuring capturing on the IDSM, but is it possible to do this with and IDS 4235?
08-09-2005 07:53 AM
I guess you have missed out something here. What is the other device?
08-09-2005 09:41 AM
I guess I meant to type "a" not "and". The 4235 plugs into a Catalyst 6509, but not sure that is relevant. I am wondering only if the 4235 can do packet capturing based on an alert.
Thanks
08-19-2005 11:08 PM
You can set packet capture or IP logging on any signature. If you connect to the IDS via the IDM interface, you can navigate to the signature configuration mode, which is nested under configuration - sensor engine - signature configuration mode - all signatures, and then choose which signature you would like to enable the packet capture on and choose edit. You will be presented with a list of variables that you can change for that specific signature. One of the variables is packet capture; set this to true to enable. If you would like a log of traffic between the attacker and the victim, you can enable IP logging for that signature. Care should be taken when enabling IP logging on a large amount of signatures, as this could cause performance issues. You might also want to limit the size of the IP logs if you use this signature, otherwise you might end up with pretty large log files. Please let me know if you need any more clarification on the process.