07-20-2001 01:49 PM - edited 03-08-2019 08:30 PM
I have fully configured both the CSPM 2.3i and (2) CSIDS 4230s (2.5). The sensors are capturing traffic, all of the services are running, and communication is established with CSPM. I've configured my signatures but am getting no alerts when I should at least get some. I am getting the "Route Up" and "Route Down" messages, but that's all.
07-23-2001 07:31 AM
Have you checked to make sure the sensors are enabled for generating audit events? Click on the sensor under CSPM, go to the Logging tab, and make sure that "Generate audit event log files" is checked.
07-23-2001 07:59 AM
Also make sure that the right monitor interface is specified for the sensor. 4230=/dev/spwr0 and 4210=/dev/iprb0. I had this problem....I thought that the 4210 and the 4230 used the same interface names.
07-23-2001 10:24 AM
The correct interface is selected and "generate audit" is checked... I'm stumped!
09-25-2001 01:55 AM
Try to upgrade to the last version (either the CSPM and the IDS sotware). I had the same problem, and after upgrade it works fine.
10-24-2001 05:58 AM
I had this same problem with a new 4210 install and CSPM 2.3i, and had to log back into the sensor as root, exit out and let all daemons start again, generate the command set through CSPM doing the save and update, and approve command set again 2 or 3 times and finally they show up. This had to be done only one time. Now, when ever the sensor or CSPM is restarted, it continues. I also checked whether the postoffice service was started. Also, make sure the ports are not being filtered out on the machine.
10-26-2001 05:20 AM
If you are connecting the sniffing interface into a switch you will need to mirror whatever ports you want to be monitored on the switch. Keep in mind that if you mirror too many ports on the switch, you might run the chance to overload the CPU on the switch.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide