Automatic Ip Logging For A Specific Signature - Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual

Intrusion detection system appliance and module

Chapter 10
Configuring the Sensor Using the CLI

Sensor Configuration Tasks

IP Address: 10.16.0.0
Group: 0
Status: completed
Start Time: 1070438601052865000
End Time: 1070439201267043000
Bytes Captured: 5104
Packets Captured: 46

Automatic IP Logging for a Specific Signature

You can assign IP logging as an event for the EventAction of a signature so that
every time the signature fires, IP packets are captured for that signature. To turn
off automatic IP logging for a signature, use the default keyword (see Step 8). To
copy and view an IP log file, see Copying IP Log Files to Be Viewed, page 10-56.

To automatically log IP packets for a specific signature, follow these steps:

Step 1  Log in to the CLI using an account with administrator or operator privileges.

Step 2  Enter configuration mode:
        sensor# configure terminal

Step 3  Enter virtual sensor configuration mode:
        sensor(config)# service virtual-sensor-configuration virtualSensor

Step 4  Enter tune micro-engines submode:
        sensor(config-vsc)# tune-micro-engines

Step 5  Type the name of the signature engine that you want to tune.

        Note  You can view a list of all signature engines by typing a question mark (?)
              at the sensor(config-vsc-virtualSensor)# prompt.

        For example, to tune a simple UDP packet alarm, type the following command:
        sensor(config-vsc-virtualSensor)# ATOMIC.UDP

Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
