Appendix A
Intrusion Detection System Architecture
IDS Events
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
Control transactions have the following characteristics:
• They always consist of a request followed by a response. The request and response may have an arbitrary amount of data associated with them. The response always includes at least a positive or negative acknowledgment.
• They are point-to-point transactions. They are sent by one application instance (the initiator) to another application instance (the responder).
IDS data is represented in XML format as an XML document. The system stores
user configurable parameters in several XML files.
IDS applications generate IDS events to report the occurrence of some stimulus.
The events are the data, such as the alerts generated by sensorApp or errors
generated by any application. Events are stored in a local database known as the
EventStore.
There are five types of events:
• evAlert—Alert event messages that report when a signature is triggered by network activity.
• evStatus—Status event messages that report the status and actions of the IDS applications.
• evError—Error event messages that report errors that occurred while attempting response actions.
• evLogTransaction—Log transaction messages that report the control transactions processed by each sensor application.
• evShunRqst—Shun request messages that report when NAC issues a shun request.
You can view the status and error messages using the CLI, IDM, and the IEV.
SensorApp and NAC log response actions (TCP resets, IP logging start and stop,
blocking start and stop, trigger packet) as status messages.
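The following added example (not from the guide or from Cisco) illustrates the two points above: it sorts a constructed batch of events into the five documented event types, flagging anything undocumented, and checks that each logged control transaction request has a response carrying a positive or negative acknowledgment. The XML layout, attribute names (originator, role, txn, ack) and sample values are assumptions for illustration, not the real IDS schema.

```python
"""Classify constructed IDS events into the five documented types and verify
the request -> response (with acknowledgment) rule for control transactions.
The XML layout below is an assumption, not the real sensor schema."""
import xml.etree.ElementTree as ET
from collections import Counter

# The five event types the guide lists.
EVENT_TYPES = ("evAlert", "evStatus", "evError", "evLogTransaction", "evShunRqst")

# Constructed sample batch (not real sensor output). Each child's tag is the
# event type; evLogTransaction carries the assumed attributes role/txn/ack.
SAMPLE_BATCH = """<events>
  <evAlert originator="sensorApp" sigId="2004"/>
  <evStatus originator="nac" action="block start"/>
  <evError originator="nac" text="block failed"/>
  <evLogTransaction originator="mainApp" role="request" txn="7"/>
  <evLogTransaction originator="mainApp" role="response" txn="7" ack="positive"/>
  <evLogTransaction originator="mainApp" role="request" txn="8"/>
  <evShunRqst originator="nac" host="192.0.2.10"/>
  <evBogus originator="unknown"/>
</events>"""

def classify_events(xml_text):
    """Count events per documented type; collect any undocumented tags."""
    counts = Counter({t: 0 for t in EVENT_TYPES})
    unknown = []
    for ev in ET.fromstring(xml_text):
        if ev.tag in counts:
            counts[ev.tag] += 1
        else:
            unknown.append(ev.tag)   # not one of the five types: worth a look
    return counts, unknown

def check_transactions(xml_text):
    """Pair requests with responses by txn id. A transaction is complete only
    when its response exists and carries an ack; return incomplete txn ids."""
    requests, responses = {}, {}
    for ev in ET.fromstring(xml_text).iter("evLogTransaction"):
        bucket = requests if ev.get("role") == "request" else responses
        bucket[ev.get("txn")] = ev
    incomplete = []
    for txn in requests:
        resp = responses.get(txn)
        if resp is None or resp.get("ack") not in ("positive", "negative"):
            incomplete.append(txn)
    return sorted(incomplete)

if __name__ == "__main__":
    counts, unknown = classify_events(SAMPLE_BATCH)
    print(dict(counts), unknown)             # unknown -> ['evBogus']
    print(check_transactions(SAMPLE_BATCH))  # -> ['8'] (request without response)
```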
This section contains the following topics:
• Alert Events, page A-40
• Status Events, page A-40
• Error Events, page A-41
System Components
A-39