IDS does not work! It cannot see any attack?

net-wolf
Level 1

The IDS is a 4230.

The command 'snoop -d spwr' works well and sees many network flows, not only broadcast messages.

The command 'nrconns' displays that the IDS sensor established connections with CSPM 2.3.3i.

But I didn't find any attack log in CSPM "tools|view sensor events|database",

only found some events such as route up, route down, post office initial notification.

What's wrong with it?

How can I tell that the IDS sensor works well while an attack takes place?

Please drop me a note.

Accepted Solutions

jekrauss
Level 1

Have you pushed your config from CSPM (approve now)?

If so, on your sensor, check to see if packetd is running:

nrstatus should show it's running.

If it's not running, then you need to push the config out from CSPM.

If it is running, but you're not seeing events, then you may not have the correct NameOfPacketDevice in your file:

/usr/nr/etc/packetd.conf

Make sure that it's spwr0.

HTH

Jeff

2 Replies

net-wolf
Level 1

Thank you very much.

A new question:

CSPM-2.3.3i-S33-exe DOES NOT support IDS Sensor Version 3.1(2)S25?

Please see the new post.