RE: CISCO IDS Packet capture

From: Alex Arndt (aarndt_at_rogers.com)
Date: 04/07/04

  • Next message: Billy Dodson: "RE: CISCO IDS Packet capture"
    To: "Strand, John" <John.Strand@mms.gov>, <focus-ids@securityfocus.com>
    Date: Tue, 6 Apr 2004 20:34:21 -0400
    
    

    Comments in-line below...

    > -----Original Message-----
    > From: Strand, John [mailto:John.Strand@mms.gov]
    > Sent: April 2, 2004 8:36 AM
    > To: focus-ids@securityfocus.com
    > Subject: CISCO IDS Packet capture
    >
    > Hello All,
    >
    > Does anyone know how to enable some level of packet capture and logging on
    > the CISCO IDS system (the newer version which interfaces with CiscoWorks and
    > can run on Win2K)? I have hunted through the CISCO provided PDFs and they're
    > a little on the light side. I also have hit the usual suspects, Google,
    > CISCO groups, etc.

    The feature you're referring to is known as "IP Logging" in Cisco's
    documentation. You can find exactly how to configure it here (beware of
    line wrap):

    http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c3c.html#255

    This information is made available under the "IDS Device Monitoring Tasks"
    section of the "Installing and Using the Cisco Intrusion Detection System
    Device Manager and Event Viewer Version 4.1" online documentation that is
    available here (beware of line wrap):
    http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_book09186a00801a0c31.html

    >
    > Thanks in advance for any help.
    >
    >
    > js

    You're welcome - I hope this info helps!

    Alex Arndt
    CISSP, GCIA

    "Within all order is the potential for chaos..."
