02-22-2003 07:06 AM - edited 03-09-2019 02:12 AM
Hi,
I'm using CSPM 2.3.3i to manage an IDS sensor 3.1 with an IOS router to block malicious attacks (shunning), but how can CSPM be configured to send a notification to the administrator telling them what IP address(es) were blocked by the ACL at that moment? And can I also generate it from the CSPM report? Thanks.
Any feedback would be appreciated.
Regards, Dennis
02-23-2003 04:54 PM
Unfortunately CSPM doesn't provide any notifications that an IP address was shunned, simply because shunning is carried out by the sensor, not by CSPM. The only place to get a listing of what was shunned is by going through the log file on the sensor itself and searching for the shun keyword. The sensor is a UNIX file system so you can grep all these lines out of the log file on a regular basis or whatever suits you best.
Log file is /usr/nr/var/log.$DATETIME, which is regularly copied and written to /usr/nr/var/new/log.yyyymmddhhmm.
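The periodic grep described in the answer above, as an added example that is not part of the original thread and is not Cisco code. The log directory layout is the one given in the answer; the function names, the state file, the case-insensitive match on "shun" and the sample log lines (constructed, not the real sensor log format) are assumptions.

```shell
#!/bin/sh
# Added example, not Cisco code. Paths come from the answer above; the state
# file and the case-insensitive match on "shun" are assumptions.

# new_shun_lines LOG_DIR STATE_FILE
# Prints shun lines not reported on an earlier run, then records them.
new_shun_lines() {
    dir=$1 state=$2
    [ -f "$state" ] || : > "$state"
    tmp=$(mktemp) || return 1
    # The active log.* is regularly copied into new/, so the same entry
    # may appear in two files: collect from both and de-duplicate.
    for f in "$dir"/log.* "$dir"/new/log.*; do
        [ -f "$f" ] || continue
        grep -i 'shun' "$f" || true        # no match in a file is not an error
    done | LC_ALL=C sort -u > "$tmp"
    # Lines only in the fresh list are new; both inputs are C-sorted.
    LC_ALL=C comm -13 "$state" "$tmp"
    LC_ALL=C sort -u -o "$state" "$state" "$tmp"
    rm -f "$tmp"
}

# make_sample DIR: constructed log lines (NOT the real sensor log format).
make_sample() {
    mkdir -p "$1/new"
    cat > "$1/new/log.200302220700" <<'EOF'
constructed 2003-02-22 07:01 alarm sig=0000 src=192.0.2.10
constructed 2003-02-22 07:01 shun host 192.0.2.10
EOF
    cat > "$1/log.200302220800" <<'EOF'
constructed 2003-02-22 07:01 shun host 192.0.2.10
constructed 2003-02-22 08:15 shun host 198.51.100.7
constructed 2003-02-22 08:16 alarm sig=0000 src=198.51.100.7
EOF
}

# Typical use from cron: sh shun_report.sh /usr/nr/var /var/tmp/shun.seen
if [ "$#" -eq 2 ]; then
    new_shun_lines "$1" "$2"
fi
```

Run on a schedule, the output can be piped to whatever mailer the host provides; empty output means no new shun entries since the previous run.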
02-24-2003 10:28 AM
Hi Glenn,
Thanks for your response.
But may I know whether it can do that in VMS, or in the future version, IDS v4?
Regards,
Dennis.