Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Appendix C Troubleshooting
Gathering Information
The following options apply:
• alert—Displays alerts. Provides notification of some suspicious activity that may indicate an attack is in progress or has been attempted. Alert events are generated by the Analysis Engine whenever a signature is triggered by network activity. If no level is selected (informational, low, medium, or high), all alert events are displayed.
• include-traits—Displays alerts that have the specified traits.
• exclude-traits—Does not display alerts that have the specified traits.
• traits—Specifies the trait bit position in decimal (0 to 15).
• min-threat-rating—Displays events with a threat rating above or equal to this value. The default is 0. The valid range is 0 to 100.
• max-threat-rating—Displays events with a threat rating below or equal to this value. The default is 100. The valid range is 0 to 100.
• error—Displays error events. Error events are generated by services when error conditions are encountered. If no level is selected (warning, error, or fatal), all error events are displayed.
• NAC—Displays the ARC (block) requests.
Note: The ARC was formerly known as NAC. This name change has not been completely implemented throughout the IDM, the IME, and the CLI.
• status—Displays status events.
• past—Displays events starting in the past for the specified hours, minutes, and seconds.
• hh:mm:ss—Specifies the hours, minutes, and seconds in the past to begin the display.
Note: The show events command continues to display events until a specified event is available. To exit, press Ctrl-C.
Displaying Events
To display events from the Event Store, follow these steps:
Step 1 Log in to the CLI.
Step 2 Display all events starting now. The feed continues showing all events until you press Ctrl-C.
sensor# show events
evError: eventId=1041472274774840147 severity=warning vendor=Cisco
originator:
hostId: sensor2
appName: cidwebserver
appInstanceId: 12075
time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
errorMessage: name=errWarning received fatal alert: certificate_unknown
evError: eventId=1041472274774840148 severity=error vendor=Cisco
originator:
hostId: sensor2
appName: cidwebserver
appInstanceId: 351
time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
errorMessage: name=errTransport WebSession::sessionTask(6) TLS connection exce
ption: handshake incomplete.
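For offline triage of a saved show events capture, the following added example (not part of the Cisco guide) parses evError records in the layout shown above, rejoins a message the terminal wrapped mid-word, and keeps records at or above a chosen error level. The function names, the constructed event IDs, and the field-name list taken from the sample output are assumptions of this example.

```python
import re
# Constructed sample mirroring the `show events` layout, incl. a mid-word wrap.
SAMPLE = """\
evError: eventId=1001 severity=warning vendor=Cisco
originator:
hostId: sensor2
appName: cidwebserver
appInstanceId: 12075
time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
errorMessage: name=errWarning received fatal alert: certificate_unknown
evError: eventId=1002 severity=error vendor=Cisco
originator:
hostId: sensor2
appName: cidwebserver
appInstanceId: 351
time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
errorMessage: name=errTransport WebSession::sessionTask(6) TLS connection exce
ption: handshake incomplete.
"""

# Field names seen in evError records on this page; anything else is treated
# as the tail of a wrapped line (assumption of this example).
FIELDS = {"originator", "hostId", "appName", "appInstanceId", "time", "errorMessage"}
LEVELS = ["warning", "error", "fatal"]  # error levels named in the option list

def parse_errors(text):
    """Return one dict per evError record, rejoining terminal-wrapped lines."""
    events, last = [], None
    for line in text.splitlines():
        line = line.strip()
        key, sep, value = line.partition(":")
        if line.startswith("evError:"):
            events.append(dict(kv.split("=", 1) for kv in value.split()))
            last = None
        elif events and sep and key in FIELDS:
            events[-1][key] = value.strip()
            last = key
        elif events and last and line:
            events[-1][last] += line  # wrap continuation: no separator added
    return events

def at_least(events, level):
    """Keep events whose severity is `level` or higher."""
    floor = LEVELS.index(level)
    return [e for e in events if LEVELS.index(e["severity"]) >= floor]

if __name__ == "__main__":
    for e in at_least(parse_errors(SAMPLE), "error"):
        print(e["eventId"], e["severity"], e["appName"], e["errorMessage"])
```

A wrapped tail such as "ption: handshake incomplete." looks like a field of its own, which is why the parser matches against known field names rather than any "name: value" line.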