Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Gathering Information
error—Displays error events. Error events are generated by services when error conditions are encountered. If no level is selected (warning, error, or fatal), all error events are displayed.
NAC—Displays the ARC (block) requests.
Note: The ARC was formerly known as NAC. This name change has not been completely implemented throughout the IDM, the IME, and the CLI for Cisco IPS 7.1.
status—Displays status events.
past—Displays events starting in the past for the specified hours, minutes, and seconds.
hh:mm:ss—Specifies the hours, minutes, and seconds in the past to begin the display.
Note: The show events command continues to display events until a specified event is available. To exit, press Ctrl-C.
Displaying Events
To display events from the Event Store, follow these steps:
Step 1 Log in to the CLI.
Step 2 Display all events starting now. The feed continues showing all events until you press Ctrl-C.
sensor# show events
evError: eventId=1041472274774840147 severity=warning vendor=Cisco
  originator:
    hostId: sensor2
    appName: cidwebserver
    appInstanceId: 12075
  time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
  errorMessage: name=errWarning received fatal alert: certificate_unknown

evError: eventId=1041472274774840148 severity=error vendor=Cisco
  originator:
    hostId: sensor2
    appName: cidwebserver
    appInstanceId: 351
  time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
  errorMessage: name=errTransport WebSession::sessionTask(6) TLS connection exce
ption: handshake incomplete.

Step 3 Display the block requests beginning at 10:00 a.m. on February 9, 2011.
sensor# show events NAC 10:00:00 Feb 9 2011
evShunRqst: eventId=1106837332219222281 vendor=Cisco
  originator:
    deviceName: Sensor1
    appName: NetworkAccessControllerApp
    appInstance: 654
  time: 2011/02/09 10:33:31 2011/08/09 13:13:31
  shunInfo:
    host: connectionShun=false
      srcAddr: 11.0.0.1
      destAddr:
      srcPort:
      destPort:
      protocol: numericType=0 other
    timeoutMinutes: 40
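
When show events output is captured to a file for troubleshooting, it helps to split it into records and pull out the block requests. The parser below is an added example, not part of the Cisco guide; the function names are hypothetical, and it assumes that fields are indented under each event header and that a long value wrapped by the terminal continues on an unindented line, as with the errorMessage in Step 2.

```python
import re

# Constructed sample modelled on the output above; the indentation and the
# wrap of long values are assumptions about the CLI layout.
SAMPLE = """\
evError: eventId=1041472274774840148 severity=error vendor=Cisco
  originator:
    hostId: sensor2
    appName: cidwebserver
  time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
  errorMessage: name=errTransport WebSession::sessionTask(6) TLS connection exce
ption: handshake incomplete.
evShunRqst: eventId=1106837332219222281 vendor=Cisco
  originator:
    appName: NetworkAccessControllerApp
  shunInfo:
    host: connectionShun=false
      srcAddr: 11.0.0.1
      destAddr:
    timeoutMinutes: 40
"""

HEADER = re.compile(r"^(ev[A-Za-z]+):\s*(.*)$")     # event type at column 0
FIELD = re.compile(r"^\s+([A-Za-z]+):\s?(.*)$")     # indented "key: value"

def parse_events(text):
    """Split show events text into one flat dict per event record."""
    events, last_key = [], None
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            # Header attributes are key=value tokens after the event type.
            toks = [t.split("=", 1) for t in header.group(2).split() if "=" in t]
            events.append({"type": header.group(1), **dict(toks)})
            last_key = None
        elif field and events:
            last_key = field.group(1)
            events[-1][last_key] = field.group(2)
        elif events and last_key and line.strip():
            # Unindented non-header line: a value wrapped by the terminal.
            events[-1][last_key] += line
    return events

def block_requests(events):
    """Return (srcAddr, timeoutMinutes) for every ARC block request."""
    return [(e.get("srcAddr"), int(e["timeoutMinutes"]))
            for e in events if e["type"] == "evShunRqst"]

if __name__ == "__main__":
    print(block_requests(parse_events(SAMPLE)))
```

Because the records are flattened, a key that appears in more than one subsection of the same event keeps only its last value.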