Re: Why policy don't effect?

sand.yang · ‎01-21-2003

Hello,everyone!I have a 6509's ids module and ids-mc(included vms2.1).

I need to use ids-mc to manage and mointor ids module,but when I setup

a group of signiatures and deploy them to ids module.IT seems like the

policy take any effect.

Do you tell me how can I judge the ids moudule's status.Why the

ids module don't work?

Thanks!!!

wkho · ‎01-21-2003

Are you trying to filter out(exclude) events(ie. source,destination with certain signatures)? I am having issues with IDS-MC filtering(exclude) information on an IDSM blade. I think the only method that works is a host to host filter setup. Any other filter setup such as host to any or any to any filter does not work. I have a case open with the TAC currently on my issue.

wkho · ‎01-22-2003

Well it looks like the host to host exclusion method for signature does not work either.

a.baird · ‎03-26-2003

I am seeing the same. I have not yet tried host to host, but this would be a very impractical solution for my problem as I am trying to filter entire networks.