Cisco Systems IPS 7.1 Home Security System User Manual


12-4
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 12 Configuring IP Logging
Configuring Manual IP Logging for a Specific IP Address
numPackets—Specifies the maximum number of packets to log. The valid range is 0 to 4294967295.
The default is 1000 packets.
numBytes—Specifies the maximum number of bytes to log. The valid range is 0 to 4294967295. A
value of 0 indicates unlimited bytes.
Note The minutes, numPackets, and numBytes parameters are optional; you do not have to specify all three.
However, if you include more than one parameter, the sensor continues logging only until the first
threshold is reached. For example, if you set the duration to 5 minutes and the number of packets to 1000,
the sensor stops logging after the 1000th packet is captured, even if only 2 minutes have passed.
Configuring Manual IP Logging
To manually log packets on a virtual sensor for a specific IP address, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Step 2 Start IP logging for a specific IP address. The duration range is 1 to 60 minutes.
sensor# iplog vs0 192.0.2.1 duration 5
Logging started for virtual sensor vs0, IP address 192.0.2.1, Log ID 1
Warning: IP Logging will affect system performance.
sensor#
The example shows the sensor logging all IP packets for 5 minutes to and from the IP address 192.0.2.1.
Note Make note of the Log ID for future reference.
Step 3 Monitor the IP log status with the iplog-status command.
sensor# iplog-status
Log ID: 1
IP Address 1: 192.0.2.1
Virtual Sensor: vs0
Status: added
Event ID: 0
Bytes Captured: 0
Packets Captured: 0
sensor#
Note Each alert references IP logs that are created because of that alert. If multiple alerts create IP
logs for the same IP address, only one IP log is created for all the alerts. Each alert references
the same IP log. However, the output of the IP log status only shows the event ID of the first alert
triggering the IP log.
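
Added example (not part of the Cisco guide): a small Python parser for the iplog-status output shown in Step 3, so Log IDs and capture counters can be tracked from a saved CLI session. The two-record sample, the assumption that every record starts with a Log ID line, and the helper names parse_iplog_status and idle_logs are made up for this example.

```python
import re

# Constructed sample: two records in the field layout shown in Step 3.
# The second record's values are made up for illustration.
SAMPLE = """\
sensor# iplog-status
Log ID: 1
IP Address 1: 192.0.2.1
Virtual Sensor: vs0
Status: added
Event ID: 0
Bytes Captured: 0
Packets Captured: 0
Log ID: 2
IP Address 1: 192.0.2.7
Virtual Sensor: vs0
Status: added
Event ID: 0
Bytes Captured: 4096
Packets Captured: 12
sensor#
"""

INT_FIELDS = {"Log ID", "Event ID", "Bytes Captured", "Packets Captured"}
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*?)\s*$")

def parse_iplog_status(text):
    """Return one dict per IP log; a 'Log ID' line starts a new record (assumption)."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:                # prompts and blank lines carry no field
            continue
        key, value = m.groups()
        if key == "Log ID":
            current = {}
            records.append(current)
        if current is None:      # field seen before any Log ID: ignore it
            continue
        current[key] = int(value) if key in INT_FIELDS and value.isdigit() else value
    return records

def idle_logs(records):
    """Log IDs that have captured no packets yet and are worth re-checking."""
    return [r["Log ID"] for r in records if r.get("Packets Captured") == 0]

if __name__ == "__main__":
    print(parse_iplog_status(SAMPLE), idle_logs(parse_iplog_status(SAMPLE)))
```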
For More Information
To stop logging IP packets for a specific IP address, see Stopping Active IP Logs, page 12-6.
To log IP packets as an event associated with a signature, see Configuring Automatic IP Logging,
page 12-2.
To copy and view an IP log file, see Copying IP Log Files to Be Viewed, page 12-7.