Hi,
I'm a little taken aback at how difficult this is and I'm wondering if I'm missing something right under my nose. I set up several IP SLAs to monitor RTT on our WAN links and they work fine ... if you log in and type "show ip sla statistics."
W...
I come from Snort IDS so pardon my confusion. I have been asked by my boss(es) to trim down the number of alerts we are seeing by culling false positives and perhaps adjusting thresholds. My problem is simply that my first step in determining the v...
Hello all, as part of normal IDS alert investigations we're looking for a sniffer to complement the Netranger. I realize that this is a little bit off-topic so if anyone wants to respond privately that is fine (twigles at yahoo dt com). Basically s...
Hey all, before I start writing a script to roll alerts into syslog I figured I'd make sure the box (4230) could syslog to my server. I changed /etc/syslog.conf to include the line: local0,local1,local2,local3.debug @loghost This started...
Hello all, I'm trying to figure out where someone plugged our sensor's monitoring interface in so I can span the port. Unfortunately no one described the interface and I can't find any docs with that info. So I figured I could grab the MAC address ...
I agree with George. Port security is, IMO, a clumsier method of solving the same problem. Not only can you filter on the same mechanism in ISE (MAC address), you can filter on things like CDP and SNMP data now, or certificates. By implementing tw...
Ok I yanked it all out and put back the least lines possible to make sure I understand exactly what's happening here, and your post was correct - the "threshold 5" was not needed.
The reason I wasn't triggering events was the order of commands entere...
Spoke too soon, as is usually the case. I replicated SLA23's configuration as SLA24, and only added "threshold 5" so anything over 5ms as a response would trigger it and I got an immediate syslog message.
I'm honestly confused as he-double-hockeyst...
Thanks Francesco. Unfortunately it's still sitting there silently being "over threshold."
I left SLA 22 as it was and put yours in as IP SLA 23 so I could compare the differences and they look almost the same in the show outputs. They're both doing...