Hello, I see from the IME documentation there are 4 MIBs which can be used to monitor the IPS. (They are: CISCO-CIDS-MIB, CISCO-PROCESS-MIB, CISCO-ENHANCED-MEMPOOL-MIB, CISCO-ENTITY-ALARM-MIB)

I would like to find out whether it's possible to use these MIBs to monitor errors and inspection load on one of my IPS 4255 interface? If so, which one(s) are appropriate?

Here is my issue. I've been getting high inspection load on the IPS interface...I did some searching on this forum and found that the following metrics can be used to monitor high inspection load - Missed Packet Percentage, Total Receive Errors, and Total Receive FIFO Overruns.

I have checked the IPS's placement on my network (my IPSs are all running promiscuous mode), and have made changes to address the amount of traffic appearing on the IPS interface. I'm seeing less inspection load, but if I refresh the interface (show interface gigabitethernet0/0) I still see the Receive Errors and FIFO Overruns continue to go up. I'd like to get a better picture of these numbers over time using SNMP or some other viable method.

The other thing I noticed is that the errors seem to be going up even when Inspection Load is less that 100%? Maybe it's just spiking and I don't see it - this is where some automated tool might be able to help me understand what's happening on that interface. I'm especially concerned because I want to be able to monitor TCP Hijack, and these signatures look at the ACK sequence - if I get a lot of errors or missed packets then I will get a lot of false TCP Hijack alarms since the ACKs will be out of sequence.