
Filtering in EV 3.1(1) S33

facundog
Level 1

I am using filters "by signature" name in order to exclude a great many signatures from the Event Viewer screen. I will need to install several EVs, all of them with the same views and the same filters.

Is it possible to export the filters created in one EV to be used in a second EV (the same version 3.1(1) S33)?

Can I export any file including filters information?

2 Replies

jlin1
Level 1

When you create a filter in IEV, it will create a file with the same name as the filter under the '/path to Cisco IDS Event Viewer/IEV/Configures/Filters' directory. You can copy this file into the same directory on another host which has IEV installed. When the IEV GUI starts up, it will read that filter file and create the filter. Currently, IEV doesn't support importing the filter file, so you have to do it manually. Make sure you close the GUI before you copy the file, and don't change the file name extension.

Other things for you to consider.

If you are always filtering out and never looking at specific signatures then you may want to consider disabling these signatures on the sensor itself. Then the sensor will not generate these alarms and you won't have to worry about making sure they are filtered out on each of your IEV machines.

Also, if you are using multiple IEV machines, you may want to consider upgrading to using the IDS Management Center and Security Monitoring Center in the recently released VMS 2.1 bundle (VPN and Security Management System). It is designed as a web-based tool for configuration and monitoring of multiple sensors by multiple users. It was specifically designed for Enterprise-type deployments of IDS sensors.