Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
3
Replies

Security Monitor for IDS Problem

ddinh
Level 1
Level 1

‎01-12-2004 02:33 PM - edited ‎03-09-2019 06:06 AM

Hi All,

I'm running Security Monitor 1.2 on CiscoWorks Common Services 2.2 with the latest Signature update (S65). When I select Monitor/Events/today's date, the alarms from yesterday are in the count as well. This has been happening for awhile and it's very annoying. I would really apprecitaed if someone can provide any insight. Many thanks in advance.

Damien

Labels:
0 Helpful
3 Replies 3

gfullage
Cisco Employee
Cisco Employee

‎01-13-2004 04:08 PM

Only thing I can think of is the time/date controls on the Event Viewer launch pad page refer to the time the event is *inserted* in the SecMon/MC database, not the time the event is generated on the Sensor. The date and time columns in the event viewer, however, correspond to the Sensor event generation times.

Could this explain the discrepancy? If there's delays from the time the event is seen by the sensor till that event is written into the SecMon database then you'd get this happening.

Note that this will be fixed ultimately when we introduce the ability to apply generic "filters" to the event viewer.

0 Helpful

intertechusa
Level 1
Level 1
In response to gfullage

‎01-21-2004 10:05 AM

Just curious, how many alarms do you get in a day?

0 Helpful

ddinh
Level 1
Level 1
In response to intertechusa

‎01-21-2004 12:33 PM

Tens of thousand including FP but with all my filters in place, it averages ~two thousand.

0 Helpful
Customers Also Viewed These Support Documents