IDS mailing list archives
RE: CISCO IDS Packet capture
From: "Alex Arndt" <aarndt () rogers com>
Date: Tue, 6 Apr 2004 20:34:21 -0400
Comments in-line below...
-----Original Message-----
From: Strand, John [mailto:John.Strand () mms gov]
Sent: April 2, 2004 8:36 AM
To: focus-ids () securityfocus com
Subject: CISCO IDS Packet capture

Hello All,

Does anyone know how to enable some level of packet capture and logging on the CISCO IDS system (the newer version which interfaces with CiscoWorks and can run on Win2K)? I have hunted through the CISCO provided PDFs and they're a little on the light side. I also have hit the usual suspects, Google, CISCO groups, etc.

The feature you're referring to is known as "IP Logging" in Cisco's documentation. You can find exactly how to configure it here (beware of line wrap):

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c3c.html#255

This information is made available under the "IDS Device Monitoring Tasks" section of the "Installing and Using the Cisco Intrusion Detection System Device Manager and Event Viewer Version 4.1" online documentation that is available here (beware of line wrap):

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_book09186a00801a0c31.html

Thanks in advance for any help. js

You're welcome - I hope this info helps!

Alex Arndt
CISSP, GCIA

"Within all order is the potential for chaos..."