Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
315
Views
0
Helpful
2
Replies

A bit confused on signatures

twiggles
Level 1
Level 1

‎09-16-2002 01:36 PM - edited ‎03-09-2019 12:19 AM

Hey all, after reading two PDFs on the CIDS setup and tinkering a bit, I'm slightly confused. I would like to write a short script to take the alerts generated by the IDS and pipe them to logger via cron every 5 minutes or so. The problem is I'm not sure where the alerts are being held. Are they the ones with names like "log.200209161909" (in /usr/nr/var)? If so then how do I get understandable output from them?

I'm sorry if this is a bit low-level, I'm really trying to grasp what is where on this sensor (a FreeBSD junkie stuck in Solarisville). Thanks for any help.

PS - If anyone has already written a text->logger script for this and is willing to post it I would appreciate it. :-)

Labels:
0 Helpful
2 Replies 2

klwiley
Cisco Employee
Cisco Employee

‎09-16-2002 02:01 PM

The logfile in /usr/nr/var is the current active log it is a memory mapped file and there fore will not be able to be used easily by your script. The files in the /usr/nr/var/new directory are the completed logs and are human readable, albeit they will be time delayed depending on how often your log files in /usr/nr/var are being turned over.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to klwiley

‎09-16-2002 02:49 PM

The log files in /usr/nr/var/new are in a comma delimited format.

That format is described in the IDM Configuration Note:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13876_01.htm#xtocid55

0 Helpful
Customers Also Viewed These Support Documents