This document describes how to enable/disable the summary of a specific
event in Intrusion Prevention System (IPS) software version 6.x using the IPS
Device Manager (IDM).
Note: Access lists must be configured in the IPS appliances in order to
allow the access from the host or network where management software such as IDM
(IDS Event Viewer) are installed and work properly. Refer to the
the Access List section of the
the Cisco Intrusion Prevention System Sensor Using the Command Line Interface
5.0 for more information.
This document is created with the assumption that IPS 6.x is installed
and works properly.
The information in this document is based on the Cisco 4200 Series IPS
Sensor that runs software version 6.0(2)E1.
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Technical Tips Conventions for more information on document
For a clear understanding, this section provides an example in which
you enable/disable the summary for the Signature ID:
Complete these steps.
Click Home in order to see the homepage of the
IDM. This page shows the device information.
Choose Configuration > Policies > Signature
Definitions > sig0 > Signature Configuration > Select By: Sig
ID in order to display all the signatures available in the
Choose Sig ID from the Select By drop-down menu
and then enter Sig ID 5748 in order to find a specific
Click Edit in order to edit the
In the Edit Signature window, choose Signature Definition
> Alert Frequency > Summary Mode, and change the action from
Summarize to Fire all in the Summary Mode
Make sure that Specify Global Summary Threshold is set to