Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 363

Appendix A
Intrusion Detection System Architecture

The fixed-size, indexed EventStore allows simple event queries based on the time, type, priority, and a limited number of user-defined attributes. If each intrusion event is assigned a priority of low, medium, or high, a single event query can specify a list of desired event types, intrusion event priorities, and a time range. Table A-1 shows some examples:

Table A-1 IDS Event Examples

| IDS Event Types | Intrusion Event Priorities | Start Time Stamp Value | Stop Time Stamp Value | Meaning |
|---|---|---|---|---|
| status | | 0 | Maximum value | Get all status events that are stored. |
| error, status | | 0 | 65743 | Get all error and status events that were stored before time 65743. |
| status | | 65743 | Maximum value | Get status events that were stored at or after time 65743. |
| intrusion, network access | low | 0 | Maximum value | Get all intrusion and network access events with low priority that are stored. |
| network access, error, status, intrusion | medium, high | 4123000000 | 4123987256 | Get network access, error, status, and intrusion events with medium or high priority that were stored between time 4123000000 and 4123987256. |

The size of the EventStore allows sufficient buffering of the IDS events when the sensor is not connected to an IDS event consumer. Sufficient buffering depends on your requirements and the capabilities of the nodes in use. The oldest events in the circular buffer are replaced by the newest events.

Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
System Components
A-37
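The following is an added illustration of the query model described above, written for this page; it is not Cisco's EventStore code and makes no claim about the sensor's internal format. It models the EventStore as a fixed-capacity circular buffer and implements the query shape from Table A-1 (type list, intrusion-priority list, time-stamp range), then runs the five queries of the table against a small set of constructed events. Assumptions: the start time stamp is inclusive and the stop time stamp is exclusive (taken from the wording "at or after time 65743" and "before time 65743"); the priority filter applies only to events that carry a priority, so status and error events are never excluded by it; `MAX_TIME` is a stand-in for the table's "Maximum value"; all event records are constructed sample data.

```python
"""Toy model of the fixed-size, indexed EventStore from Appendix A.

Added example for this page, not Cisco's code. The circular-buffer and
query semantics are assumptions documented inline.
"""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

# Stand-in for the "Maximum value" stop time stamp in Table A-1 (assumption).
MAX_TIME = 2**32 - 1


@dataclass(frozen=True)
class IdsEvent:
    timestamp: int                   # time the event was stored
    event_type: str                  # "status", "error", "intrusion", "network access"
    priority: Optional[str] = None   # "low"/"medium"/"high" for intrusion-class events, else None


class EventStore:
    """Fixed-capacity circular buffer: once full, the newest event replaces the oldest."""

    def __init__(self, capacity: int) -> None:
        # deque(maxlen=...) discards the oldest entry on overflow, which is
        # exactly the "oldest events are replaced by the newest" behaviour.
        self._buf = deque(maxlen=capacity)

    def store(self, event: IdsEvent) -> None:
        self._buf.append(event)

    def __len__(self) -> int:
        return len(self._buf)

    def query(self, types: Sequence[str], priorities: Optional[Sequence[str]] = None,
              start: int = 0, stop: int = MAX_TIME) -> List[IdsEvent]:
        """Return stored events matching the Table A-1 query shape.

        Assumed range semantics: start inclusive ("at or after"), stop
        exclusive ("before time 65743"). The priority filter is assumed to
        apply only to events that carry a priority; status/error events
        have none and are not filtered out by it.
        """
        wanted_types = set(types)
        wanted_prio = set(priorities) if priorities else None
        matches = []
        for ev in self._buf:
            if ev.event_type not in wanted_types:
                continue
            if not (start <= ev.timestamp < stop):
                continue
            if wanted_prio is not None and ev.priority is not None and ev.priority not in wanted_prio:
                continue
            matches.append(ev)
        return matches


def build_sample_store(capacity: int = 8) -> EventStore:
    """Constructed sample events (not real sensor output) chosen to exercise Table A-1."""
    store = EventStore(capacity)
    for ev in (
        IdsEvent(10, "status"),
        IdsEvent(20, "error"),
        IdsEvent(65742, "status"),
        IdsEvent(65743, "status"),
        IdsEvent(70000, "intrusion", "low"),
        IdsEvent(70001, "network access", "high"),
        IdsEvent(4123000000, "intrusion", "medium"),
        IdsEvent(4123500000, "status"),
    ):
        store.store(ev)
    return store


def table_a1_examples(store: EventStore) -> Dict[str, List[int]]:
    """Run the five queries of Table A-1; return matching time stamps per row."""
    rows = {
        "row1_all_status": store.query(["status"]),
        "row2_error_status_before_65743": store.query(["error", "status"], stop=65743),
        "row3_status_at_or_after_65743": store.query(["status"], start=65743),
        "row4_low_intrusion_netaccess": store.query(["intrusion", "network access"], ["low"]),
        "row5_medium_high_in_range": store.query(
            ["network access", "error", "status", "intrusion"], ["medium", "high"],
            start=4123000000, stop=4123987256),
    }
    return {name: [ev.timestamp for ev in evs] for name, evs in rows.items()}


def overflow_demo() -> List[int]:
    """Store three events in a capacity-2 buffer; the oldest (timestamp 1) is replaced."""
    small = EventStore(2)
    for ts in (1, 2, 3):
        small.store(IdsEvent(ts, "status"))
    return [ev.timestamp for ev in small.query(["status"])]


if __name__ == "__main__":
    for name, stamps in table_a1_examples(build_sample_store()).items():
        print(f"{name}: {stamps}")
    print("after overflow:", overflow_demo())
```

Row 5 is the instructive one for a practitioner: the medium/high priority filter drops nothing from the status event at 4123500000 because status events carry no priority, while the low-priority intrusion event at 70000 is excluded by the time range, not the priority list. `overflow_demo` shows why buffer sizing matters when the sensor is disconnected from its event consumer: once the circular buffer wraps, the oldest events are gone and no later query will return them.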