09-10-2002 10:04 PM - edited 03-09-2019 12:15 AM
On the 4210 the packet capturing device is called /dev/iprb0.
What is it called on the new platforms, 4235 and 4250?
regards
Per
09-11-2002 06:02 AM
The 4235 and 4250 use the /dev/e1000g0 driver. If you have the 4250sx version (fiber card) then the driver is /dev/e1000g2.
If you set the NameOfPacketDevice to "auto" it will auto-detect these for you. By setting this to auto, packetd will check to see if you have a fiber card first and set this as the sniffing interface; otherwise it would select the e1000g0 interface.
09-13-2002 06:53 AM
I don't know what it is called on the 4235, but I know it is called "/dev/fastethernet1" on the 4250.
If you're using CSPM, nr.packetd will not be running,
because it was removed from the /usr/nr/etc/daemon file.
I added it manually and restarted IDS, then everything went fine.
09-13-2002 07:29 AM
Set NameOfPacketDevice to "auto" and nr.packetd will figure out what the sniffing interface is.
On the IDS-4235 and IDS-4250-TX, /dev/e1000g0 is the interface. On an IDS-4250-SX it is /dev/e1000g2.
So you know:
Nr.packetd is disabled on the sensor initially. This is to prevent the sensor from generating a bunch of alarms and holding them in queue before being added to CSPM. When added to CSPM the sensor would send all of the queued alarms, and could flood the CSPM console with old information from untuned alarms.
The first time you push a configuration from CSPM, it will enable nr.packetd (put it in the daemons file) and use the default device name "auto".
By waiting to start nr.packetd, it gives the user a chance to tune the sensor through CSPM before being flooded with alarms they would have filtered out anyway.