Copying Ip Log Files To Be Viewed - Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual

Intrusion detection system appliance and module

Sensor Configuration Tasks

Copying IP Log Files to Be Viewed

Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
Chapter 10, Configuring the Sensor Using the CLI (78-15597-02)

You can copy IP log files to an FTP or SCP server so that you can view them with a sniffing tool such as Ethereal or TCP Dump.

To copy IP log files to an FTP or SCP server, follow these steps:

Step 1  Log in to the CLI using an account with administrator or operator privileges.

Step 2  Monitor the IP log status by executing the iplog-status command until you see that the status reads completed for the log ID of the log file that you want to copy:

    sensor# iplog-status
    Log ID: 137857506
    IP Address: 10.16.0.0
    Group: 0
    Status: completed
    Start Time: 1070363599443768000
    End Time: 1070363892909384000
    Bytes Captured: 30650
    Packets Captured: 263

Step 3  Copy the IP log to your FTP or SCP server:

    sensor# copy iplog 137857506 ftp://root@10.16.0.0/user/iplog1
    Password: ********
    Connected to 10.16.0.0 (10.16.0.0).
    220 linux.machine.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.
    ftp> user
    (username) root
    331 Password required for root.
    Password:
    230 User root logged in.
    ftp> 200 Type set to I.
    ftp> put iplog.8518.tmp iplog1
    local: iplog.8518.tmp remote: iplog1
    227 Entering Passive Mode (2,4,6,8,179,125)
    150 Opening BINARY mode data connection for iplog1.
    226 Transfer complete.
    30650 bytes sent in 0.00246 secs (1.2e+04 Kbytes/sec)
    ftp>

Step 4  Open the IP log using a sniffer program such as Ethereal or TCPDUMP.

For more information on Ethereal go to http://www.ethereal.com. For more information on TCPDUMP, go to http://www.tcpdump.org/.
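A post-transfer check for the procedure above, as an added example that is not part of the Cisco guide: it parses the iplog-status fields and confirms that a copied log holds the packet count and size the sensor reported. It assumes the IP log is a classic libpcap file (the page only says Ethereal and TCPDUMP can open it) and that Bytes Captured equals the file size, as in the sample transfer (30650 in both); all function names are hypothetical.

```python
import struct

STATUS_TEXT = """Log ID: 137857506
IP Address: 10.16.0.0
Group: 0
Status: completed
Start Time: 1070363599443768000
End Time: 1070363892909384000
Bytes Captured: 30650
Packets Captured: 263"""  # iplog-status fields as shown on this page

def parse_iplog_status(text):
    """Turn 'Label: value' lines into a dict keyed by label."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def pcap_summary(data):
    """Return (packet_count, file_size); assumes a classic libpcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a libpcap file")
    offset, count = 24, 0              # skip the 24-byte global header
    while offset < len(data):
        if offset + 16 > len(data):    # each record has a 16-byte header
            raise ValueError("truncated record header")
        (incl_len,) = struct.unpack_from(endian + "I", data, offset + 8)
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError("truncated packet data")
        count += 1
    return count, len(data)

def verify_copy(data, status):
    """True if the copied log matches the sensor's reported counters."""
    if status.get("Status") != "completed":
        return False
    expected = (int(status["Packets Captured"]), int(status["Bytes Captured"]))
    return pcap_summary(data) == expected

def constructed_pcap(sizes):
    """Constructed sample: little-endian pcap with zero-filled packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n in sizes:
        out += struct.pack("<IIII", 0, 0, n, n) + bytes(n)
    return out

if __name__ == "__main__":
    sample = constructed_pcap([100] * 262 + [218])  # 263 packets, 30650 bytes
    print(verify_copy(sample, parse_iplog_status(STATUS_TEXT)))
```

A ValueError from pcap_summary on a real copy points to a cut-off or non-binary transfer; re-copy the log before analysing it.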
