logs aren't being sent to CSPM

eckertb
Level 1

I have communication between the 4230 and the CSPM. The generate logs box is checked on the logging tab of the sensor properties page. The signatures are enabled with the action "ip log". The sensor is seeing the traffic because I snooped the interface. I have reconfigured the CSPM as well as run a sysconfig-sensor on the 4230. Everything looks right but I'm still not seeing any logs. Any advice? Thanks.

3 Replies

ttorgerson
Level 1

You may want to telnet to the sensor and confirm that the auths, hosts, routes, and destinations files are all correct. Also... confirm that the daemons file has the proper daemons configured to start... you should have postofficed, loggerd, sapd, fileXferd and packetd configured to run. Do an nrstatus to confirm that all are running. If not, look in ../var/errors.* for the particular log files associated with each daemon... I have had issues with my packetd.conf file before not having some proper settings.. mainly the NameOfPacketDevice parameter..., even though CSPM looks correct. (I use NameOfPacketDevice /dev/e1000g0 instead of NameOfPacketDevice auto)

I very rarely use CSPM unless it is a must. It is clunky and does not work for me! You may also want to try using the web interface for the sensors... as long as you have that enabled. Access to the web interface is controlled the same way as telnet/ssh using the sysconfig-sensor utility (access control). I find this much easier and less of a headache than CSPM. Of course I still use telnet/ssh to connect and make changes to my packetd.conf file for signature changes... but that is just me!

Cisco also has some type of Event Viewer for the IDS sensors, but it is almost not worth the effort...

ttorgerson
Level 1

Oh yeah.. If you are fortunate to have a copy of CiscoWorks... there is a component for managing VPNs, firewalls and IDSs... called VMS (VPN/Security Management Solution)...

hope this also helps...

Thanks for the reply. It seems to be working now although I'm not sure why.....

I still feel like I'm not seeing everything but at least the event viewer is up.

Geez, this CSPM box is flaky.