Maintaining the Sensor



This chapter describes how to maintain the sensor: updating the license, configuring automatic software updates, updating the sensor immediately, restoring the factory defaults, rebooting the sensor, and shutting it down. You can also generate information for troubleshooting purposes and to use if you need to contact TAC. This chapter contains the following sections:

Updating the Sensor License

Updating the Sensor Automatically

Restoring the Defaults

Rebooting the Sensor

Shutting Down the Sensor

Updating the Sensor

Generating a Diagnostics Report

Viewing Statistics

Viewing System Information

Updating the Sensor License

This section describes how to update the sensor license, and contains the following topics:

Overview

Supported User Role

Field Definitions

Updating the Sensor License

Overview

Although the sensor functions without the license, you must have a license to obtain signature updates. To obtain a license, you must have a Cisco Service for IPS contract. Contact your reseller, Cisco service or product sales to purchase a contract.


Note You can install the first few signature updates for 5.0 without a license. This gives you time to get your sensor licensed. If you are unable to get your sensor licensed because of confusion with your contract, you can obtain a 60-day trial license that supports signature updates that require licensing.


You can view the status of the IPS subscription license key on the Licensing panel in IDM. You can obtain a license key from the Cisco.com licensing server, which is then delivered to the sensor. Or, you can update the sensor license key from a license key provided in a local file.

You must know your IPS device serial number to obtain a license key. You can find the IPS device serial number in IDM by clicking Configuration > Licensing, or through the CLI by using the show version command.

Whenever you start IDM, a dialog box informs you of your license status—whether you have a trial, invalid, or expired license key. With no license key, an invalid license key, or an expired license key, you can continue to use IDM but you cannot download signature updates.

When you enter the CLI, you receive the following message if there is no license installed:

***LICENSE NOTICE***
There is no license key installed on the system.
Please go to http://www.cisco.com/go/license to obtain a new license or install a license.

You will continue to see this message until you have installed a license. Go to http://www.cisco.com/go/license and click IPS Signature Subscription Service to apply for a license.

Supported User Role

You must be Administrator to view license information on the Licensing panel and to install the sensor license.

Field Definitions

The following fields and buttons are found on the Licensing panel.

Field Descriptions:

Current License—Provides the status of the current license:

License Status—Current license status of the sensor.

Expiration Date—Date when the license key expires (or has expired).

If the key is invalid, no date is displayed.

Serial Number—Serial number of the sensor.

Update License—Specifies from where to obtain the new license key:

Cisco Connection Online—Contacts the license server at Cisco.com for a license key.

License File—Specifies that a license file be used.

Local File Path—Indicates where the local file containing the license key is.

Button Functions:

Browse Local—Invokes a file browser to find the license key.

Update License—Delivers a new license key to the sensor based on the selected option.

Updating the Sensor License

To install the sensor license, follow these steps:


Step 1 Click Configuration > Licensing.

The Licensing panel appears.

Step 2 Choose the method to deliver the license:

a. Select Cisco Connection Online to obtain the license from Cisco.com.

IDM contacts the license server on Cisco.com and sends the server the serial number to obtain the license key. This is the default method. Go to Step 3.

b. Select License File to use a license file.

To use this option, you must apply for a license at this URL: www.cisco.com/go/license

The license is sent to you in e-mail and you save it to a drive that is accessible by IDM. This option is useful if your computer does not have access to Cisco.com.

Go to Step 6.

Step 3 Click Update License.

The Licensing dialog box appears.

Step 4 Click Yes to continue.

The Status dialog box informs you that the sensor is trying to connect to Cisco.com.

An Information dialog box confirms that the license has been updated.

Step 5 Click OK.

Step 6 Go to www.cisco.com/go/license.

Step 7 Fill in the required fields.


Caution You must have the correct IPS device serial number because the license key only functions on the device with that number.

Your Cisco IPS Signature Subscription Service license key will be sent by e-mail to the e-mail address you specified.

Step 8 Save the license file to a hard-disk drive or a network drive that is accessible by the client running IDM.

Step 9 Log in to IDM.

Step 10 Click Configuration > Licensing.

Step 11 Under Update License, select Update From: License File.

Step 12 In the Local File Path field, specify the path to the license file or click Browse Local to browse to the file.

The Select License File Path dialog box appears.

Step 13 Browse to the license file and click Open.

Step 14 Click Update License.


Updating the Sensor Automatically

This section describes how to configure the sensor for automatic updates, and contains the following topics:

Overview

UNIX-Style Directory Listings

Supported User Role

Field Definitions

Configuring Auto Update

Overview

You can configure automatic service pack and signature updates, so that when service pack or signature updates are loaded on a central FTP or SCP server, they are downloaded and applied to your sensor.

Automatic updates do not work with Windows FTP servers configured with DOS-style paths. Make sure the server configuration has the UNIX-style path option enabled rather than DOS-style paths.


Note The sensor cannot automatically download service pack and signature updates from Cisco.com. You must download the service pack and signature updates from Cisco.com to your FTP or SCP server, and then configure the sensor to download them from the FTP or SCP server.



Caution After you download an update from Cisco.com, you must take steps to ensure the integrity of the downloaded file while it resides on your FTP or SCP server.
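
One way to act on this caution, as an added example that is not part of the Cisco documentation: record a digest manifest for the staged update files once you have verified them, then audit the directory before each scheduled Auto Update window. Because the sensor picks its update from whatever files are in the configured directory, the audit also reports files that were never recorded. SHA-256, the JSON manifest format, and all file names are assumptions of this example.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large update packages are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def record_manifest(update_dir, manifest_path):
    """Run once, right after the downloaded files have been verified and staged.

    Keep the manifest outside the FTP/SCP directory (ideally on another host),
    so that write access to the update directory does not include the manifest.
    """
    files = sorted(p for p in Path(update_dir).iterdir() if p.is_file())
    entries = {p.name: sha256_file(p) for p in files}
    Path(manifest_path).write_text(json.dumps(entries, indent=2))
    return entries


def audit_directory(update_dir, manifest_path):
    """Compare the staged files with the recorded manifest."""
    expected = json.loads(Path(manifest_path).read_text())
    present = {p.name: p for p in Path(update_dir).iterdir() if p.is_file()}
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for name, digest in expected.items():
        if name not in present:
            report["missing"].append(name)
        elif sha256_file(present[name]) != digest:
            report["modified"].append(name)
        else:
            report["ok"].append(name)
    # Files the sensor could pick up that nobody recorded.
    report["unexpected"] = sorted(set(present) - set(expected))
    return report


def is_clean(report):
    """True only when every recorded file is intact and nothing extra is staged."""
    return not (report["modified"] or report["missing"] or report["unexpected"])


def demo():
    """Constructed scenario: three staged files, then one altered, one removed, one added."""
    with tempfile.TemporaryDirectory() as staging, tempfile.TemporaryDirectory() as safe:
        stage = Path(staging)
        for name in ("update-a.pkg", "update-b.pkg", "update-c.pkg"):
            (stage / name).write_bytes(b"constructed payload " + name.encode())
        manifest = Path(safe) / "manifest.json"
        record_manifest(stage, manifest)
        (stage / "update-a.pkg").write_bytes(b"changed after staging")
        (stage / "update-c.pkg").unlink()
        (stage / "update-z.pkg").write_bytes(b"never recorded")
        return audit_directory(stage, manifest)


if __name__ == "__main__":
    result = demo()
    print(json.dumps(result, indent=2))
    print("clean:", is_clean(result))
```

Run the audit on the server that hosts the update directory, and treat any result other than a clean report as a reason to disable Auto Update until the directory has been restaged.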

UNIX-Style Directory Listings

To configure Auto update using an FTP server, the FTP server must provide directory listing responses in UNIX style. MS-DOS style directory listing is not supported by the sensor Auto update feature.


Note If the server supplies MS-DOS style directory listings, the sensor cannot parse the directory listing and does not know that there is a new update available.


To change Microsoft IIS to use UNIX-style directory listings, follow these steps:


Step 1 Choose Start > Program Files > Administrative Tools.

Step 2 Click the Home Directory tab.

Step 3 Click the UNIX directory listings style radio button.
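
An added example (not part of the Cisco documentation, and not the sensor's own parser): a Python check that classifies FTP LIST output as UNIX-style or MS-DOS-style, so you can confirm what the server returns before pointing Auto Update at it. The regular expressions describe the common form of each listing style; the listing lines and file names are constructed samples.

```python
import re
from ftplib import FTP

# UNIX style: permissions, link count, owner, group, size, date, name.
UNIX_LINE = re.compile(
    r"^[-dlbcps][-rwxsStT]{9}[+@.]?\s+\d+\s+\S+\s+\S+\s+\d+\s+"
    r"[A-Z][a-z]{2}\s+\d{1,2}\s+(?:\d{4}|\d{1,2}:\d{2})\s+(?P<name>.+)$"
)
# MS-DOS style: date, 12-hour time, <DIR> or size, name.
DOS_LINE = re.compile(
    r"^\d{2}-\d{2}-\d{2,4}\s+\d{1,2}:\d{2}\s?[AP]M\s+(?:<DIR>|\d+)\s+(?P<name>.+)$"
)

# Constructed sample listings.
UNIX_SAMPLE = [
    "total 8",
    "drwxr-xr-x   2 ftpuser  ftpgroup      4096 Jan  3  2005 archive",
    "-rw-r--r--   1 ftpuser  ftpgroup   1048576 Mar 14 09:26 update-file-1.rpm.pkg",
]
DOS_SAMPLE = [
    "01-03-05  02:10PM       <DIR>          archive",
    "03-14-05  09:26AM              1048576 update-file-1.rpm.pkg",
]


def classify_listing(lines):
    """Return the listing style, the entry names found, and any unparsed lines."""
    counts = {"unix": 0, "msdos": 0}
    names, unparsed = [], []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip() or line.startswith("total "):
            continue  # blank line or the UNIX "total N" summary line
        for style, pattern in (("unix", UNIX_LINE), ("msdos", DOS_LINE)):
            match = pattern.match(line)
            if match:
                counts[style] += 1
                names.append(match.group("name"))
                break
        else:
            unparsed.append(line)
    if counts["unix"] and counts["msdos"]:
        style = "mixed"
    elif counts["unix"]:
        style = "unix"
    elif counts["msdos"]:
        style = "msdos"
    else:
        style = "unknown" if unparsed else "empty"
    return {"style": style, "names": names, "unparsed": unparsed}


def fetch_listing(host, user, password, directory):
    """Collect the raw LIST response from a live server (not used by the samples)."""
    lines = []
    with FTP(host, timeout=15) as ftp:
        ftp.login(user, password)
        ftp.cwd(directory)
        ftp.retrlines("LIST", lines.append)
    return lines


if __name__ == "__main__":
    for label, sample in (("UNIX sample", UNIX_SAMPLE), ("MS-DOS sample", DOS_SAMPLE)):
        print(label, "->", classify_listing(sample))
```

A result of "msdos" from the Auto Update account and directory means the server is still sending the listing style that the sensor cannot parse.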


Supported User Role

You must be Administrator to view the Auto Update panel and to configure automatic updates.

Field Definitions

The following fields and buttons are found on the Auto Update panel.

Field Descriptions:

Enable Auto Update—Lets the sensor install updates stored on a remote server.

If Enable Auto Update is not selected, all fields are disabled and cleared. You cannot toggle this on or off without losing all other settings.

Remote Server Settings—Lets you specify the following options:

IP Address—Identifies the IP address of the remote server.

File Copy Protocol—Specifies whether to use FTP or SCP.

Directory—Identifies the path to the update on the remote server.

Username—Identifies the username corresponding to the user account on the remote server.

Password—Identifies the password for the user account on the remote server.

Confirm Password—Confirms the password by forcing you to retype the remote server password.

Schedule—Lets you specify the following options:

Start Time—Identifies the time to start the update process.

This is the time when the sensor will contact the remote server and search for an available update.

Frequency—Specifies whether to perform updates on an hourly or weekly basis.

Hourly—Specifies to check for an update every n hours.

Daily—Specifies the days of the week to perform the updates.

Button Functions:

Apply—Applies your changes and saves the revised configuration.

Reset—Refreshes the panel by replacing any edits you made with the previously configured value.

Configuring Auto Update

To configure automatic updates, follow these steps:


Step 1 Click Configuration > Auto Update.

The Auto Update panel appears.

Step 2 Select the Enable Auto Update check box to enable automatic updates.

Step 3 Type the IP address of the remote server where you have downloaded and stored updates in the IP Address field.

Step 4 Select either FTP or SCP from the File Copy Protocol list to identify the protocol used to connect to the remote server.

Step 5 Type the path to the directory on the remote server where the updates are located in the Directory field.

A valid value for the path is 1 to 128 characters.

Step 6 Type the username to use when logging in to the remote server in the Username field.

A valid value for the username is 1 to 2047 characters.

Step 7 Type the username password on the remote server in the Password field.

A valid value for the password is 1 to 2047 characters.

Step 8 Repeat the password in the Confirm Password field.

Step 9 For hourly updates, select Hourly, and follow these steps:

a. Type the time you want the updates to start in the Start Time field.

The valid value is hh:mm:ss.

b. Type the hour interval at which you want every update to occur in the Every_hours field.

The valid value is 1 to 8760.

For example, if you enter 5, every 5 hours the sensor looks at the directory of files on the server. If there is an available update candidate, it is downloaded and installed. Only one update is installed per cycle even if there are multiple available candidates. The sensor determines the most recent update that can be installed and installs that file.

Step 10 For weekly updates, select Daily, and follow these steps:

a. Type the time you want the updates to start in the Start Time field.

The valid value is hh:mm:ss.

b. Select the day(s) you want the sensor to check for and download available updates in the Days field.


Tip To discard your changes, click Reset.


Step 11 Click Apply to save your changes.


Restoring the Defaults

This section describes how to restore factory defaults to the sensor, and contains the following topics:

Overview

Supported User Role

Field Definitions

Restoring the Defaults

Overview

You can restore the default configuration to your sensor.


Warning Restoring the defaults removes the current application settings and restores the default settings. Your network settings also return to the defaults and you immediately lose connection to the sensor.

Supported User Role

You must be Administrator to view the Restore Defaults panel and to restore the sensor defaults.

Field Definitions

The following buttons are found on the Restore Defaults panel.

Button Functions:

Restore Defaults—Opens the Restore Defaults dialog box.

From this dialog box, you can begin the restore defaults process. This process returns the sensor configuration to the default settings and immediately terminates connection to the sensor.

OK—Starts the restore defaults process.

Cancel—Closes the Restore Defaults dialog box and returns you to the Restore Defaults panel without performing the restore defaults process.

Restoring the Defaults

To restore the default configuration, follow these steps:


Step 1 Click Configuration > Restore Defaults.

The Restore Defaults panel appears.

Step 2 Click Restore Configuration Defaults to restore the default configuration.

The Restore Defaults dialog box appears.

Step 3 Click Yes to begin the restore defaults process.


Note Restoring defaults resets the IP address, netmask, default gateway, and access list. The password and time are not reset. Manual and automatic blocks also remain in effect.



Rebooting the Sensor

This section describes how to reboot the sensor from IDM, and contains the following topics:

Overview

Supported User Role

Field Definitions

Rebooting the Sensor

Overview

You can shut down and restart the sensor from the Reboot Sensor panel.

Supported User Role

You must be Administrator to see the Reboot Sensor panel and to reboot the sensor.

Field Definitions

The following buttons are found on the Reboot Sensor panel.

Button Functions:

Reboot Sensor—Opens the Reboot Sensor dialog box.

From this dialog box, you can begin the process that shuts down and restarts the sensor.

OK—Shuts down and restarts the sensor, causing you to immediately lose connection with the sensor. You can log back in after the sensor restarts.

Cancel—Closes the Reboot Sensor dialog box and returns you to the Reboot Sensor panel without shutting down the sensor.

Rebooting the Sensor

To reboot the sensor, follow these steps:


Step 1 Click Configuration > Reboot.

The Reboot Sensor panel appears.

Step 2 Click Reboot Sensor.

The Reboot Sensor dialog box appears.

Step 3 Click OK to shut down and restart the sensor.

The sensor applications shut down and then the sensor reboots. After the reboot, you must log back in.


Note There is a 30-second delay during which users who are logged in to the CLI are notified that the sensor applications are going to shut down.



Shutting Down the Sensor

This section describes how to shut down the sensor from IDM, and contains the following topics:

Overview

Supported User Role

Field Definitions

Shutting Down the Sensor

Overview

You can shut down the IPS applications and then put the sensor in a state in which it is safe to power it off.

Supported User Role

You must be Administrator to view the Shut Down Sensor panel and to shut down the sensor.

Field Definitions

The following fields and buttons are found on the Shut Down Sensor panel.

Button Functions:

Shut Down Sensor—Opens the Shut Down Sensor dialog box.

From this dialog box you can begin the process that shuts down the sensor.

OK—Shuts down the sensor and immediately closes any open connections to the sensor.

Cancel—Closes the Shut Down Sensor dialog box without beginning the shutdown process.

Shutting Down the Sensor

To shut down the sensor, follow these steps:


Step 1 Click Configuration > Shut Down Sensor.

The Shut Down Sensor panel appears.

Step 2 Click Shut Down Sensor.

The Shut Down Sensor dialog box appears.

Step 3 Click OK to shut down the sensor.

The sensor applications shut down and any open connections to the sensor are closed.


Note There is a 30-second delay during which users who are logged in to the CLI are notified that the sensor applications are going to shut down.



Updating the Sensor

This section describes how to update the sensor with the most current software, and contains the following topics:

Overview

Supported User Role

Field Definitions

Updating the Sensor

Overview

From the Update Sensor panel, you can immediately apply service pack and signature updates.


Note The sensor cannot download service pack and signature updates from Cisco.com. You must download the service pack and signature updates from Cisco.com to your FTP server, and then configure the sensor to download them from your FTP server.


Supported User Role

You must be Administrator to view the Update Sensor panel and to update the sensor with service packs and signature updates.

Field Definitions

The following fields and buttons are found on the Update Sensor panel.

Field Descriptions:

Update is located on a remote server and is accessible by the sensor—Lets you specify the following options:

URL—Identifies the type of server where the update is located. Specify whether to use FTP, HTTP/s, or SCP.

://—Identifies the path to the update on the remote server.

Username—Identifies the username corresponding to the user account on the remote server.

Password—Identifies the password for the user account on the remote server.

Update is located on this client—Lets you specify the following options:

Local File Path—Identifies the path to the update file on this local client.

Browse Local—Opens the Browse dialog box for the file system on this local client. From this dialog box, you can navigate to the update file.

Button Functions:

Update Sensor—Opens the Update Sensor dialog box. From this dialog box, you can initiate an instant update.

OK—Immediately updates the sensor, according to the parameters you have set on the Update Sensor panel.

Cancel—Closes the Update Sensor dialog box without performing any updates.

Updating the Sensor

To immediately apply a service pack and signature update, follow these steps:


Step 1 Click Configuration > Update Sensor.

The Update Sensor panel appears.

Step 2 To pull an update down from a remote server and install it on the sensor, follow these steps:

a. Select Update is located on a remote server and is accessible by the sensor.

b. Type the URL where the update can be found in the URL field.

The following URL types are supported:

FTP:—Source URL for an FTP network server.

The syntax for this prefix is the following:

ftp://location/relative_directory/filename

or

ftp://location//absolute_directory/filename

HTTPS:—Source URL for a web server.

The syntax for this prefix is the following:

https://location/directory/filename

Note Before using the HTTPS protocol, use the tls trusted-host command to set up a TLS trusted host.


SCP:—Source URL for a SCP network server.

The syntax for this prefix is the following:

scp://location/relative_directory/filename

or

scp://location/absolute_directory/filename

HTTP:—Source URL for a web server.

The syntax for this prefix is the following:

http://location/directory/filename

The following example shows the FTP protocol:

ftp://user@ip_address/UPDATES/file_name.rpm.pkg

Note You must have already downloaded the update from Cisco.com and put it on the FTP server.


c. Type the username for an account on the remote server in the Username field.

d. Type the password associated with this account on the remote server in the Password field.

Step 3 To push from the local client and install it on the sensor, follow these steps:

a. Select Update is located on this client.

b. Specify the path to the update file on the local client or click Browse Local to navigate through the files on the local client.

Step 4 Click Update Sensor.

The Update Sensor dialog box tells you that if you want to update, you will lose your connection to the sensor and you must log in again.

Step 5 Click OK to update the sensor.


Tip To discard your changes and close the Update Sensor dialog box, click Cancel.



Note The IDM and CLI connection are lost during the following updates: service pack, minor, major, and engineering patch. If you are applying one of these updates, the installer automatically restarts the IPS applications. A reboot of the sensor is possible. You do not lose the connection when applying signature updates and you do not need to reboot the system.



Generating a Diagnostics Report

This section describes how to generate a diagnostics report, and contains the following topics:

Overview

Supported User Role

Field Definitions

Generating a Diagnostics Report

Overview

You can obtain diagnostics information on your sensors for troubleshooting purposes. The diagnostics report contains internal system information, such as logs, status, configuration, and so forth, that is intended for TAC to use when troubleshooting the sensor.


Note Generating a diagnostics report can take a few minutes.


You can view the report in the Diagnostics Report panel or you can click Save and save it to the hard-disk drive.

Supported User Role

The following user roles are supported:

Administrator

Operator

Viewer

You must be Administrator to run diagnostics.

Field Definitions

The following button is found on the Diagnostics Report panel.

Button Functions:

Save—Opens the Save As dialog box so you can save a copy of the diagnostics report to your hard-disk drive.

Generate Report—Starts the diagnostics process.

This process can take several minutes to complete. After the process is complete, a report is generated and the display is refreshed with the updated report.

Generating a Diagnostics Report

To run diagnostics, follow these steps:


Caution After you start the diagnostics process, do not click any other options in IDM or leave the Diagnostics panel. This process must complete before you can perform any other tasks for the sensor.


Step 1 Click Monitoring > Support Information > Diagnostics Report.

The Diagnostics panel appears.

Step 2 Click Generate New Report.


Note The diagnostics process can take some time to complete. When the process has finished running, the display is refreshed with the updated results.



Note To save this report as a file, click Save. The Save As dialog box opens and you can save the report to your hard-disk drive.



Viewing Statistics

This section describes how to view sensor statistics, and contains the following topics:

Overview

Supported User Role

Field Definitions

Viewing Statistics

Overview

The Statistics panel shows statistics for the following categories:

Analysis Engine

Event Server

Event Store

Host

Interface Configuration

Logger

Network Access

Notification

Transaction Server

Transaction Source

Web Server

Supported User Role

You must be Administrator or Operator to view system statistics.

Field Definitions

The following button is found on the Statistics panel:

Refresh—Displays the most recent information about the sensor applications, including the Web Server, Transaction Source, Transaction Server, Network Access Controller, Logger, Host, Event Store, Event Server, Analysis Engine, Interface Configuration, and Authentication.

Viewing Statistics

To show statistics for your sensor, follow these steps:


Step 1 Select Monitoring > Support Information > Statistics.

The Statistics page appears.

Step 2 To update statistics as they change, click Refresh.


Viewing System Information

This section describes how to view system information, and contains the following topics:

Overview

Supported User Role

Field Definitions

Viewing System Information

Overview

The System Information panel displays the following information:

TAC contact information

How long the sensor has been running

Type of sensor

Software version

Status of applications

Upgrades installed

PEP information

Memory usage

Disk usage

Supported User Role

You must be Administrator or Operator to view system information. Viewers can see all of the system information except for how long the sensor has been running and the disk usage.

Field Definitions

The following button is found on the System Information panel:

Refresh—Displays the most recent information about the sensor, including the software version and PEP information.

Viewing System Information

To view system information, follow these steps:


Step 1 Click Monitoring > Support Information > System Information.

The System Information panel displays information about the system.

Step 2 Click Refresh.

The panel refreshes and displays new information.