Table of Contents
Advertisement
Chapter 10
Configuring the Sensor Using the CLI
Note
Note
Manual IP Logging for a Specific IP Address
Step 1
Step 2
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
You can also have the sensor automatically log IP packets every time a particular
signature is fired. You can specify how long you want the sensor to log IP traffic
(the default is 30 seconds), and/or now many packets and bytes you want logged.
Turning on IP logging affects system performance.
You cannot delete or manage IP log files. The no iplog command does not delete
IP logs, it only stops more packets from being recorded for that IP log. The IP logs
are stored in a circular buffer that is never filled because new IP logs overwrite the
old ones.
This section contains the following topics:
Manual IP Logging for a Specific IP Address, page 10-51
•
•
Automatic IP Logging for a Specific Signature, page 10-53
Disabling IP Logging, page 10-55
•
•
Copying IP Log Files to Be Viewed, page 10-56
You can log IP packets manually for a specific IP address. To stop logging IP
packets for a specific IP address, see
automatically log IP packets as an event associated with a signature, see
Automatic IP Logging for a Specific Signature, page
IP log file, see
Copying IP Log Files to Be Viewed, page
To manually log packets for a specific IP address, follow these steps:
Log in to the CLI using an account with administrator or operator privileges.
Start IP logging for a specific IP address:
group-id ip-address
sensor# iplog
numPackets
] [bytes
There is only one interface group, 0.
Note
Disabling IP Logging, page
[duration
numBytes
]
Sensor Configuration Tasks
10-55. To
10-53. To copy and view an
10-56.
minutes
] [packets
10-51
Advertisement
Table of Contents
Troubleshooting
