From: 2nd CCIE (doubleccie@yahoo.com)
Date: Wed Sep 20 2006 - 15:14:52 ART
I did that... I made the severity high... however I have never seen anything on the IEV... only informational severity increases... but 0 high severity.
How can I make sure that the switch is actually sending anything to the sensing interface?
Thanks for your help
Kal Han <calikali2006@gmail.com> wrote:
Hi
Just enable ICMP echo and ICMP echo-reply signatures on the sensor,
add your sensor to the IEV and ping any host in vlan11.
That triggers an event by the sensor (if the monitoring
is working and sending a copy of traffic to the sensor)
and you can see the event on your IEV.
Does this help?
Thanks
Kal
On 9/20/06, 2nd CCIE <doubleccie@yahoo.com> wrote:
Hi Folks;
I am trying to practise some IDS; I have an IDS 4.1.
My setup is simple:
PC --------sw1------------(sniff) IDS-(c&c)-------sw1-----------IEV
I am using a separate VLAN for the PC and sniff port than for the C&C port and IEV.
The IEV can ping the cc port; I can also log in via IDM to the sensor.
My configuration on the switch is as follows:
monitor session 1 source vlan 11 rx
monitor session 1 destination interface Fa0/12
My first question here is: how can I make sure that the monitoring is actually working and sends traffic to the sniff port of the IDS?
I have access via IDM as well as keyboard and monitor.
Can someone help with that so I can post my other questions? :)
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART