Logging; Enabling Debug Logging - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Appendix C Troubleshooting
Log in to the master blocking sensor host's CLI and, using the show statistics network-access
Step 7
command, verify that the block also shows up in the master blocking sensor Network Access Controller's
statistics.
sensor# show statistics network-access
Current Configuration
AllowSensorShun = false
ShunMaxEntries = 250
MasterBlockingSensor
State
ShunEnable = true
ShunnedAddr
Step 8 If the remote master blocking sensor is using TLS for web access, make sure the forwarding sensor is
configured as a TLS host:
sensor# configure terminal
sensor(config)# tls trust ip master_blocking_sensor_ip_address

Logging

TAC may suggest that you turn on debug logging for troubleshooting purposes. LogApp controls what
log messages are generated by each application by controlling the logging severity for different logging
zones. By default, debug logging is not turned on.
If you enable individual zone control, each zone uses the level of logging that it is configured for.
Otherwise, the same logging level is used for all zones.
This section contains the following topics:
•
•
•

Enabling Debug Logging

Caution Enabling debug logging seriously affects performance and should only be done when instructed by TAC.
To enable debug logging, follow these steps:
Log in to the service account.
Step 1
Edit the log.conf file to increase the size of the log to accommodate the additional log statements:
Step 2
vi /usr/cids/idsRoot/etc/log.conf
78-16527-01
SensorIp = 10.89.149.46
SensorPort = 443
UseTls = 1
Host
IP = 10.16.0.0
ShunMinutes = 60
MinutesRemaining = 59
Enabling Debug Logging, page C-23
Zone Names, page C-27
Directing cidLog Messages to SysLog, page C-28
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Troubleshooting the 4200 Series Appliance
C-23