Cisco IPS-4255-K9 - Intrusion Protection Sys 4255 Installation Manual page 369

Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0

Chapter A
Troubleshooting
Step 4  Display errors with the warning level starting at 10:00 a.m. on February 9, 2008.

sensor# show events error warning 10:00:00 Feb 9 2008
evError: eventId=1041472274774840197 severity=warning vendor=Cisco
  originator:
    hostId: sensor
    appName: cidwebserver
    appInstanceId: 12160
  time: 2008/01/07 04:49:25 2008/01/07 04:49:25 UTC
  errorMessage: name=errWarning received fatal alert: certificate_unknown

Step 5  Display alerts from the past 45 seconds.

sensor# show events alert past 00:00:45
evIdsAlert: eventId=1109695939102805307 severity=medium vendor=Cisco
  originator:
    hostId: sensor
    appName: sensorApp
    appInstanceId: 367
  time: 2008/03/02 14:15:59 2008/03/02 14:15:59 UTC
  signature: description=Nachi Worm ICMP Echo Request id=2156 version=S54
    subsigId: 0
    sigDetails: Nachi ICMP
  interfaceGroup:
  vlan: 0
  participants:
    attacker:
      addr: locality=OUT 10.89.228.202
    target:
      addr: locality=OUT 10.89.150.185
  riskRatingValue: 70
  interface: fe0_1
  protocol: icmp
evIdsAlert: eventId=1109695939102805308 severity=medium vendor=Cisco
  originator:
--MORE--

Step 6  Display events that began 30 seconds in the past.

sensor# show events past 00:00:30
evStatus: eventId=1041526834774829055 vendor=Cisco
  originator:
    hostId: sensor
    appName: mainApp
    appInstanceId: 2215
  time: 2008/01/08 02:41:00 2008/01/08 02:41:00 UTC
  controlTransaction: command=getVersion successful=true
    description: Control transaction response.
    requestor:
      user: cids
      application:
        hostId: 64.101.182.101
        appName: -cidcli
        appInstanceId: 2316
evStatus: eventId=1041526834774829056 vendor=Cisco
  originator:
    hostId: sensor
    appName: login(pam_unix)
    appInstanceId: 2315
  time: 2008/01/08 02:41:00 2008/01/08 02:41:00 UTC

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0
OL-18504-01
Gathering Information
A-91
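Saved show events output like that in Steps 4 to 6 is easier to triage once it is structured. The following Python parser is an added example, not part of the Cisco guide; it assumes the sensor's indented nesting, runs on a constructed sample, and the names parse_events and high_risk_alerts are hypothetical.

```python
import re
# Constructed sample, laid out like the sensor output in Steps 4 and 5.
SAMPLE = """\
sensor# show events alert past 00:00:45
evIdsAlert: eventId=1109695939102805307 severity=medium vendor=Cisco
  signature: description=Nachi Worm ICMP Echo Request id=2156 version=S54
  participants:
    attacker:
      addr: locality=OUT 10.89.228.202
    target:
      addr: locality=OUT 10.89.150.185
  riskRatingValue: 70
--MORE--
evError: eventId=1041472274774840197 severity=warning vendor=Cisco
  errorMessage: name=errWarning received fatal alert: certificate_unknown
"""
HEADER = re.compile(r"^(ev\w+): (.*)$")  # an unindented evXxx: line opens an event

def parse_events(text):
    """Return one dict per event; nested fields become dotted keys."""
    events, stack = [], []
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(raw)
        if head:
            attrs = dict(re.findall(r"(\w+)=(\S+)", head.group(2)))
            events.append({"type": head.group(1), **attrs})
            stack = []
        elif events and line and line != "--MORE--":  # skip prompt, blanks, pager
            indent = len(raw) - len(raw.lstrip())
            key, _, value = line.partition(":")
            while stack and stack[-1][0] >= indent:  # climb back to the parent
                stack.pop()
            stack.append((indent, key))
            if value.strip():
                events[-1][".".join(k for _, k in stack)] = value.strip()
    return events

def high_risk_alerts(events, min_risk=50):
    """Summarise evIdsAlert records whose riskRatingValue is >= min_risk."""
    rows = []
    for e in events:
        risk = int(e.get("riskRatingValue", 0))
        if e["type"] == "evIdsAlert" and risk >= min_risk:
            sig = re.search(r"\bid=(\d+)", e.get("signature", ""))
            addr = {w: (e.get(f"participants.{w}.addr", "").split() or [None])[-1]
                    for w in ("attacker", "target")}  # last token is the IP
            rows.append({"sig_id": sig.group(1) if sig else None, "risk": risk, **addr})
    return rows
```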
