Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 161

Chapter 8 Configuring IP Logging
Note
To disable one or all IP logging sessions, follow these steps:
Log in to the CLI using an account with administrator or operator privileges.
Step 1
To stop a particular IP logging session:
Step 2
a. Find the log ID of the session you want to stop by using the iplog-status command:
sensor# iplog-status
Log ID:
IP Address 1:
Virtual Sensor:
Status:
Event ID:
Bytes Captured:
Packets Captured:
sensor#
Note
Stop the IP log session:
b.
sensor# no iplog log-id 137857512
To stop all IP logging sessions on the virtual sensor:
Step 3
sensor# no iplog name vs0
Verify that IP logging has been stopped:
Step 4
sensor# iplog-status
Log ID:
IP Address 1:
Virtual Sensor:
Status:
Event ID:
Bytes Captured:
Packets Captured:
sensor#
When the logs are stopped, the status shows them as completed.
78-16527-01
There is only one virtual sensor name in IPS 5.0, vs0.
1
10.16.0.0
vs0
added
0
0
0
Each alert references IP logs that are created because of that alert. If multiple alerts create
IP logs for the same IP address, only one IP log is created for all the alerts. Each alert
references the same IP log. However, the output of the IP log status only shows the event ID
of the first alert triggering the IP log.
1
10.16.0.0
vs0
completed
0
0
0
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Stopping Active IP Logs
8-5