Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
System Components
• Alert Events
• NAC Events
• Event Actions
Alert Events
Alert events provide notification of suspicious activity that may indicate that an
intrusion attack is in progress or has been attempted. Alert events are generated by
the SensorApp application whenever an IDS signature is triggered by network
activity.
The following is an example of an alert event:
evAlert: eventId=1066276939791336085 severity=informational
originator:
hostId: sensor
appName: sensorApp
appInstanceId: 3627
time: 2003/10/16 16:50:11 2003/10/16 11:50:11 CDT
interfaceGroup: 0
vlan: 0
signature: sigId=1001 sigName=Record Packet Rte subSigId=0 version=S37
participants:
attack:
attacker: proxy=false
addr: locality=OUT 4.1.1.2
victim:
addr: locality=OUT 10.2.1.2
alertDetails: Traffic Source: int0 ;
Note
The alertDetails field shows the specific interface that the alert is coming from.
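The following Python sketch is an added example, not part of the Cisco guide or the sensor software: it parses the text form of the evAlert record shown above into a flat dictionary that a log pipeline can filter on. The function name parse_ev_alert and the output keys attackerAddr, victimAddr, attackerLocality and victimLocality are assumptions chosen for this illustration, and the sample is the record from this page with its indentation already lost, so each addr line is assigned to the attacker or victim by the role line that precedes it.

```python
import re

# Constructed sample: the evAlert record shown on this page, copied line for line.
SAMPLE = """\
evAlert: eventId=1066276939791336085 severity=informational
originator:
hostId: sensor
appName: sensorApp
appInstanceId: 3627
time: 2003/10/16 16:50:11 2003/10/16 11:50:11 CDT
interfaceGroup: 0
vlan: 0
signature: sigId=1001 sigName=Record Packet Rte subSigId=0 version=S37
participants:
attack:
attacker: proxy=false
addr: locality=OUT 4.1.1.2
victim:
addr: locality=OUT 10.2.1.2
alertDetails: Traffic Source: int0 ;
"""

# A value runs until the next key= or end of line, so sigName keeps its spaces.
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")
ADDR = re.compile(r"locality=(\S+)\s+(\S+)")

def parse_ev_alert(text):
    """Flatten one evAlert text record into a dict (hypothetical helper)."""
    alert, role = {}, None
    for line in text.splitlines():
        key, sep, rest = (p.strip() for p in line.partition(":"))
        if not sep:
            continue                        # blank or unlabelled line
        if key in ("attacker", "victim"):
            role = key                      # the next addr: line belongs to this role
        if key == "addr" and role:
            m = ADDR.match(rest)
            if m:
                alert[role + "Locality"], alert[role + "Addr"] = m.groups()
        elif key == "alertDetails":
            alert[key] = rest.rstrip(" ;")  # drop the trailing field terminator
        elif "=" in rest:
            alert.update(KV.findall(rest))  # e.g. eventId, severity, sigId
        elif rest:
            alert[key] = rest               # e.g. hostId, vlan, time
    return alert

if __name__ == "__main__":
    print(parse_ev_alert(SAMPLE))
```

All values are returned as strings; the time field is kept as the raw text of the record.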
Status Events
Status events are generated by IDS applications whenever certain application state
changes occur. The content of evStatus is an element that defines what aspect of
the application's state changed and the new state value. The state information that
may be reported varies by application, and many of the state elements are specific
to a single application.
Appendix A
Intrusion Detection System Architecture
78-15597-02