Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 12 Configuring IP Logging
Configuring Automatic IP Logging
To configure automatic IP logging parameters, follow these steps:
Step 1: Log in to the CLI using an account with administrator or operator privileges.
Step 2: Enter signature definition IP log configuration submode.
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# ip-log
Step 3: Specify the number of packets you want the sensor to log.
sensor(config-sig-ip)# ip-log-packets 200
Step 4: Specify how long you want the sensor to log packets.
sensor(config-sig-ip)# ip-log-time 60
Step 5: Specify the number of bytes you want logged.
sensor(config-sig-ip)# ip-log-bytes 5024
Step 6: Verify the settings.
sensor(config-sig-ip)# show settings
ip-log
-----------------------------------------------
ip-log-packets: 200 default: 0
ip-log-time: 60 default: 30
ip-log-bytes: 5024 default: 0
-----------------------------------------------
sensor(config-sig-ip)#
Step 7: Exit IP logging submode.
sensor(config-sig-ip)# exit
sensor(config-sig)# exit
Apply Changes?:[yes]:
Step 8: Press Enter to apply the changes or type no to discard the changes.
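The verification in Step 6 can be automated when the same values must hold across several sensors. The following is an added example, not part of the Cisco guide: it parses captured show settings output in the line format shown in Step 6 and reports any parameter that differs from a baseline. The function names, the BASELINE dictionary, and the idea of saving the output to text are assumptions made for illustration.

```python
import re

# Constructed sample: the `show settings` output shown in Step 6 of this page.
SAMPLE = """\
ip-log
-----------------------------------------------
ip-log-packets: 200 default: 0
ip-log-time: 60 default: 30
ip-log-bytes: 5024 default: 0
-----------------------------------------------
"""

# Hypothetical site baseline, using the values entered in Steps 3 to 5.
BASELINE = {"ip-log-packets": 200, "ip-log-time": 60, "ip-log-bytes": 5024}

# Matches "<name>: <current> default: <default>" as printed in Step 6.
LINE = re.compile(r"^\s*(ip-log-[a-z]+):\s*(\d+)\s+default:\s*(\d+)\s*$")


def parse_ip_log_settings(text):
    """Return {name: (current, default)} for each ip-log-* parameter line."""
    settings = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return settings


def audit(text, baseline=BASELINE):
    """Return a list of findings; an empty list means the output matches."""
    settings = parse_ip_log_settings(text)
    findings = []
    for name, want in baseline.items():
        if name not in settings:
            findings.append(f"{name}: missing from output")
            continue
        current, default = settings[name]
        if current != want:
            # A value equal to the default suggests the change was never applied.
            note = " (still at default)" if current == default else ""
            findings.append(f"{name}: expected {want}, found {current}{note}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["ip-log settings match baseline"]:
        print(finding)
```

A parameter reported as "still at default" usually means the changes were discarded at the Apply Changes prompt in Step 8.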
For More Information
• To copy and view an IP log file, see Copying IP Log Files to Be Viewed, page 12-7.
• For more information on event actions, see Assigning Actions to Signatures, page 7-15 and Configuring Event Action Overrides, page 8-17.
Configuring Manual IP Logging for a Specific IP Address
Use the iplog name ip_address [duration minutes] [packets numPackets] [bytes numBytes] command
to log IP packets manually on a virtual sensor for a specific IP address.
The following options apply:
• name—Specifies the virtual sensor on which to begin and end logging.
• ip_address—Logs packets containing the specified source and/or destination IP address.