Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
515
Views
0
Helpful
2
Replies

Tuning so IP(s) log but never alert

5creedus
Level 1
Level 1

‎10-31-2005 10:25 AM - edited ‎03-10-2019 01:43 AM

Version 4.1(5). Is there a global way to tune by IP(s) such that the IP(s) continue to show up, but never alert? Example, for IP 10.0.0.1 I want no alerts for any signature, but want to see the events.

Labels:
0 Helpful
2 Replies 2

jlimbo
Level 1
Level 1

‎11-01-2005 09:30 PM

Can you clarify by what you mean in terms of Alert and Event? I believe an Alert is a classification of event. So you can have non Alert type events which are more geared with the system events rather than signature alerts.

If you mean you want to recieve the alerts but not have them show up in the monitoring console, you can control this on via filters on the monitoring station.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap6.htm#wp604198

You can also tune signatures and control what criteria (like IP Address) the signatures will or will NOT alert on.

Here is a link with a sample: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#wp31156

0 Helpful

5creedus
Level 1
Level 1
In response to jlimbo

‎11-02-2005 10:01 AM

Clarification: Say for network 10.0.0.0/24 I would want ALL the events for that network to be logged, but not have them show up on the monitoring console. For network 10.0.0.1/24 I would want selected events to be logged and have them show up on the monitoring console.

From your answer it appears that this would be done at the monitoring console and not on the sensor itself or a combination of both?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card