Support User Manuals

Cisco Systems IPS4510K9 Home Security System User Manual

Open as PDF

of 854

C-99

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2

OL-29168-01

Appendix C Troubleshooting

Gathering Information

The following options apply:

•

alert—Displays alerts. Provides notification of some suspicious activity that may indicate an attack

is in process or has been attempted. Alert events are generated by the Analysis Engine whenever a

signature is triggered by network activity. If no level is selected (informational, low, medium, or

high), all alert events are displayed.

•

include-traits—Displays alerts that have the specified traits.

•

exclude-traits—Does not display alerts that have the specified traits.

•

traits—Specifies the trait bit position in decimal (0 to 15).

•

min-threat-rating—Displays events with a threat rating above or equal to this value. The default is

0. The valid range is 0 to 100.

•

max-threat-rating—Displays events with a threat rating below or equal to this value. The default

is 100. The valid range is 0 to 100.

•

error—Displays error events. Error events are generated by services when error conditions are

encountered. If no level is selected (warning, error, or fatal), all error events are displayed.

•

NAC—Displays the ARC (block) requests.

Note

The ARC is formerly known as NAC. This name change has not been completely

implemented throughout the IDM, the IME, and the CLI.

•

status—Displays status events.

•

past—Displays events starting in the past for the specified hours, minutes, and seconds.

•

hh:mm:ss—Specifies the hours, minutes, and seconds in the past to begin the display.

Note

The show events command continues to display events until a specified event is available. To exit, press

Ctrl-C.

Displaying Events

To display events from the Event Store, follow these steps:

Step 1

Log in to the CLI.

Step 2

Display all events starting now. The feed continues showing all events until you press Ctrl-C.

sensor# show events

evError: eventId=1041472274774840147 severity=warning vendor=Cisco

originator:

hostId: sensor2

appName: cidwebserver

appInstanceId: 12075

time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC

errorMessage: name=errWarning received fatal alert: certificate_unknown

evError: eventId=1041472274774840148 severity=error vendor=Cisco

originator:

hostId: sensor2

appName: cidwebserver

appInstanceId: 351

time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC

errorMessage: name=errTransport WebSession::sessionTask(6) TLS connection exce

ption: handshake incomplete.

previous next