Cisco Systems IPS 7.1 Home Security System User Manual
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the Appliance
Unable to See Alerts
If you are not seeing alerts, try the following:
- Make sure the signature is enabled
- Make sure the signature is not retired
- Make sure that you have Produce Alert configured as an action
  Note: If you choose Produce Alert, but come back later and add another event action and do not
  add Produce Alert to the new configuration, alerts are not sent to the Event Store. Every time
  you configure a signature, the new configuration overwrites the old one, so make sure you
  have configured all the event actions you want for each signature.
- Make sure the sensor is seeing packets
- Make sure that alerts are being generated
- Make sure the sensing interface is in a virtual sensor
To make sure you can see alerts, follow these steps:
Step 1 Log in to the CLI.
Step 2 Make sure the signature is enabled.
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 1300 0
sensor(config-sig-sig)# status
sensor(config-sig-sig-sta)# show settings
status
-----------------------------------------------
enabled: true <defaulted>
retired: false <defaulted>
-----------------------------------------------
sensor(config-sig-sig-sta)#
Step 3 Make sure you have Produce Alert configured.
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 1300 0
sensor(config-sig-sig)# engine ?
normalizer Signature engine
sensor(config-sig-sig)# engine normalizer
sensor(config-sig-sig-nor)# event-action produce-alert
sensor(config-sig-sig-nor)# show settings
normalizer
-----------------------------------------------
event-action: produce-alert default: produce-alert|deny-connection-inline
edit-default-sigs-only
-----------------------------------------------
sensor#
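
The checks in Steps 2 and 3 can be run over saved `show settings` output. The following is an added example, not part of the Cisco guide; the function names are hypothetical, and it assumes a non-default event-action line keeps the `event-action: <actions> default: ...` layout shown above, with actions separated by `|`.

```python
import re

# Constructed sample: "show settings" output in the layout shown in Steps 2 and 3.
SAMPLE_OK = """\
status
-----------------------------------------------
enabled: true <defaulted>
retired: false <defaulted>
-----------------------------------------------
normalizer
-----------------------------------------------
event-action: produce-alert default: produce-alert|deny-connection-inline
edit-default-sigs-only
-----------------------------------------------
"""

# Constructed sample: event actions were reconfigured and produce-alert was left out.
SAMPLE_NO_ALERT = SAMPLE_OK.replace(
    "event-action: produce-alert default:",
    "event-action: deny-connection-inline default:")

def parse_settings(text):
    """Extract enabled, retired and the configured event actions."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*(enabled|retired):\s*(true|false)\b", line)
        if m:
            found[m.group(1)] = (m.group(2) == "true")
            continue
        m = re.match(r"\s*event-action:\s*(\S*)", line)
        if m:
            # Assumption: the configured value precedes "default:", "|"-separated.
            found["event_actions"] = set(filter(None, m.group(1).split("|")))
    return found

def alert_blockers(text):
    """Return the reasons this signature would not send alerts to the Event Store."""
    s = parse_settings(text)
    reasons = []
    if s.get("enabled") is not True:
        reasons.append("signature is not confirmed enabled")
    if s.get("retired") is not False:
        reasons.append("signature is not confirmed unretired")
    if "produce-alert" not in s.get("event_actions", set()):
        reasons.append("produce-alert is not among the event actions")
    return reasons

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("no-alert", SAMPLE_NO_ALERT)):
        print(name, alert_blockers(text) or "no blockers found")
```

An empty result only covers the signature-level checks; the packet and virtual sensor checks in the remaining steps still apply.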
Step 4 Make sure the sensor is seeing packets.
sensor# show interfaces FastEthernet0/1
MAC statistics from interface FastEthernet0/1
Media Type = backplane
Missed Packet Percentage = 0