Question: Is it possible to use a Solaris 8 IDSMC as an NTP server to the 4.X sensors? It seems that the Cisco sensors only want to connect to a Cisco device... is there some way around this? Also, if it is possible... how would you set up the IDSMC to...
I'm about to start a project which could take my total sensor count well over 100, over time, using CiscoWorks VMS 2.2 UNIX Unrestricted. I am guessing that a vast increase of sensors brings along with it some unique problems. I would like to ask th...
Has anyone been able to make wildcards work when using a hex regex in string.tcp or string.udp? Example: \xAB\xCD(..........)\xCD\xBA or \xAB\xCD.{10}\xCD\xBA These signatures should match on the first 2 characters AB CD then followed by 10 characters of ...
On a 4250XL sensor, assuming both fiber interfaces (int2 and int3) are being used... is there a way to show their status in the Linux interface, not the CLI? In other words, I want to know if there is an "ifconfig" equivalent but for the falcon interfa...
I was running an "IDS Alarms By Hour Report" and as usual I requested an email be sent to me when it was completed. The report never made it to the view screen, so I check my email and I get the message that the report failed, and the reason given wa...
I found out later that in order to do a tcpdump on a fiber interface on these 4.1 sensors, you have to stop the cids service, and use the falcondump tool. From what I hear, in the next sensor version, due out soon, you will be able to tcpdump on those...
Yep, 10 does work... My original problem was with 28... I got a message from Cisco that there is a design limitation on the amount of wildcards here... somewhere between 10 and 28.
Do I HAVE to stop cids to use falcondump? What if I wanted to do an extended grep for a specific port (all traffic)? Would I actually have to shut the IDS part off to do this?