IDS Device Manager Monitoring Tasks
This chapter describes how to set up monitoring from the Monitoring tab.
This chapter contains the following sections:
•Downloading IP Logs
•Configuring Events Display
•Viewing Sensor Statistics
Downloading IP Logs
The IP Logs page displays all IP logs that are available for downloading on the system. IP logs are generated in two ways:
•When you turn on IP logging from Administration > IP Logging.
See Configuring IP Logging for the procedure.
•When you select log as the EventAction for a signature.
When the sensor detects an attack based on this signature, it creates an IP log. See Configuring Signatures Through Virtual Sensor Signature Configuration Mode for more information.
The IP Logs page provides a hyperlink to each log file that is available for download.
To download an IP log file, follow these steps:
Step 1 Select Monitoring > IP Logs.
The IP Logs page appears.
Step 2 In the Log ID column, click the hyperlink for the log file that you want to download.
Another page displays the IP log file.
Step 3 To save the file to a directory on your local hard disk drive, click Save As in your browser.
The file is saved in tcpdump format. Use a third-party tool that can read tcpdump files, such as Ethereal, to view the log files.
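The following Python code, added here as an example and not part of the original documentation, reads a downloaded IP log as a classic tcpdump (pcap) file and counts packets per source and destination IPv4 pair. It assumes the capture uses the Ethernet link type; the function names and the embedded sample capture are constructed for this example.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# pcap magic as read little-endian -> file byte order (microsecond and nanosecond variants)
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def summarize_ip_log(data: bytes) -> Counter:
    """Count packets per (src, dst) IPv4 pair in a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a tcpdump/pcap file (bad magic)")
    bo = MAGICS[magic]
    linktype = struct.unpack(bo + "I", data[20:24])[0]
    if linktype != 1:  # 1 = Ethernet (assumed for this example)
        raise ValueError(f"unsupported link type {linktype}")
    flows, off = Counter(), 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(bo + "I", data[off + 8:off + 12])[0]
        off += 16  # skip the 16-byte per-packet record header
        if off + incl_len > len(data):
            raise ValueError("truncated or corrupt packet record")
        frame = data[off:off + incl_len]
        off += incl_len
        # Ethernet II header is 14 bytes; EtherType 0x0800 marks IPv4
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            flows[(str(IPv4Address(frame[26:30])), str(IPv4Address(frame[30:34])))] += 1
    return flows

def sample_log() -> bytes:
    """Constructed three-packet capture (documentation addresses), not sensor output."""
    def frame(src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
        return b"\x00" * 12 + b"\x08\x00" + ip
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pairs = [("192.0.2.10", "198.51.100.7")] * 2 + [("198.51.100.7", "192.0.2.10")]
    for src, dst in pairs:
        f = frame(src, dst)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, dst), n in summarize_ip_log(sample_log()).most_common():
        print(f"{src} -> {dst}: {n} packet(s)")
```

To run it against a real download, pass the bytes of the saved file to `summarize_ip_log` in place of `sample_log()`.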
Configuring Events Display
Use the Events page to configure how you want events displayed. You can filter events based on event type, time, or both. By default, all events are displayed.
To configure the events display, follow these steps:
Step 1 Select Monitoring > Events.
The Events Display page appears.
Step 2 To show alerts, select the Show Alerts check box.
Step 3 Select one or more check boxes next to the level of alerts you want to see:
•Informational
•Low
•Medium
•High
Step 4 To show error events, select the Show Error Events check box.
Step 5 Select one or more check boxes next to the types of error events that you want to see:
•Warning
•Error
•Fatal
Step 6 To show log events, select the Show Log Events check box.
Step 7 To show network access controller (NAC) events, select the Show Network Access Controller Events check box.
Step 8 To show status events, select the Show Status Events check box.
Step 9 To view events within a specified time frame, follow these steps:
a. Enter a time in the Start Time field (hh:mm:ss).
b. Enter a date in the Start Date field (month:dd:yyyy).
c. Enter a time in the End Time field (hh:mm:ss).
d. Enter a date in the End Date field (month:dd:yyyy).
Note: If you specify any part of the time frame fields, you must specify a value for all time frame fields.
Step 10 To view past events ending now, leave the time frame fields described in Step 9 blank and enter the number of hours to go back (1-65535) in the Past Hours field.
For example, to look at the most recent events, enter 2 to display the events logged during the past 2 hours.
Note: To reset the form, click Reset.
Step 11 Click Apply to Sensor to save your changes.
The Events page lists the events you just selected.
Viewing Sensor Statistics
The Statistics page shows statistics for the following categories:
•WebServer
•TransactionSource
•TransactionServer
•NAC
•Logger
•Host
•EventStore
•EventServer
•AnalysisEngine
•Authorization
To show statistics for your sensor, follow these steps:
Step 1 Select Monitoring > Statistics.
The Statistics page appears.
Step 2 To update statistics as they change, click Statistics again or click Reload in your browser.