10-13-2002 11:35 PM - edited 03-09-2019 12:39 AM
ids is 4230
command 'snoop -d spwr' work well and see many network flow,not only broadcast messages.
command ' nrconns' display that the ids sensor established connections with cspm2.3.3i.
but I did'nt found any attack log in cspm "tools|view sensor events|databse",
only found some event such as route up ,route down,post office initial notification.
What's wrong whit it ?
How to tell the ids sensor work well while attack take place?
Please drop me a note.
Solved! Go to Solution.
10-14-2002 03:41 PM
Have you pushed your config from CSPM (approve now)?
If so, on your sensor, check to see if packetd is running:
nrstatus should show it's running.
If it's not running, then you need to push the config out from CSPM.
If it is running, but you're not seeing events, then you may not have the correct NameOfPacketDevice in your file:
/usr/nr/etc/packetd.conf
make sure that it's spwr0
HTH
Jeff
10-14-2002 03:41 PM
Have you pushed your config from CSPM (approve now)?
If so, on your sensor, check to see if packetd is running:
nrstatus should show it's running.
If it's not running, then you need to push the config out from CSPM.
If it is running, but you're not seeing events, then you may not have the correct NameOfPacketDevice in your file:
/usr/nr/etc/packetd.conf
make sure that it's spwr0
HTH
Jeff
10-14-2002 08:16 PM
Thank you very much .
A new question:
CSPM-2.3.3i-S33-exe DOES NOT support IDS Sensor Version 3.1(2)S25 ?
please see the new post.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide