Page 326
Appendix E Troubleshooting
Troubleshooting External Product Interfaces
-----
MainApp N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500 Running
AnalysisEngine N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500 Not Running
CLI N-2007_JUN_19_16_45 (Release) 2007-06-19T17:10:20-0500
Step 3 Enter show tech-support and save the output.
Step 4 Reboot the sensor.
Step 5 Enter show version after the sensor has stabilized to see if the issue is resolved.
Step 6 If the Analysis Engine still reads Not Running, contact TAC with the original show tech-support command output.
Troubleshooting External Product Interfaces
This section lists issues that can occur with external product interfaces and provides troubleshooting tips. For more information on external product interfaces, refer to Configuring External Product Interfaces. This section contains the following topics:
• External Product Interfaces Issues, page E-20
• External Product Interfaces Troubleshooting Tips, page E-21
External Product Interfaces Issues
When the external product interface receives host posture and quarantine events, the following issues can arise:
• The sensor can store only a certain number of host records:
– If the number of records exceeds 10,000, subsequent records are dropped.
– If the 10,000 limit is reached and the number of records then drops below 9900, new records are no longer dropped.
• Hosts can change an IP address or appear to use another host IP address, for example, because of DHCP lease expiration or movement in a wireless network. In the case of an IP address conflict, the sensor presumes the most recent host posture event to be the most accurate.
• A network can include overlapping IP address ranges in different VLANs, but host postures do not include VLAN ID information. You can configure the sensor to ignore specified address ranges.
• A host can be unreachable from the CSA MC because it is behind a firewall. You can exclude unreachable hosts.
• The CSA MC event server allows up to ten open subscriptions by default. You can change this value. You must have an administrative account and password to open subscriptions.
• CSA data is not virtualized; it is treated globally by the sensor.
• Host posture OS and IP addresses are integrated into passive OS fingerprinting storage. You can view them as imported OS profiles.
• You cannot see the quarantined hosts.
• The sensor must recognize each CSA MC host X.509 certificate. You must add each one as a trusted host.
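The following Python sketch is an added illustration and is not part of the Cisco guide or the sensor software. It models the 10,000-record limit, the 9900 resume threshold, the most-recent-event rule for IP address conflicts, and ignored address ranges, so you can see why posture events go missing after the limit is hit. The class, method, and host names are hypothetical; it assumes that records leave the store through an explicit remove call and that every event received while the store is dropping is discarded.

```python
# Added illustration: a model of the host-record behaviour described above.
# Not Cisco code. All class, method and host names are hypothetical.
import ipaddress

RECORD_LIMIT = 10_000   # from the text: records beyond 10,000 are dropped
RESUME_BELOW = 9_900    # from the text: dropping stops once the count is below 9900


class HostPostureStore:
    def __init__(self, ignored_ranges=()):
        # Address ranges the operator configured the sensor to ignore,
        # for example ranges that overlap across VLANs.
        self.ignored = [ipaddress.ip_network(r) for r in ignored_ranges]
        self.records = {}       # ip -> (host_id, os_name)
        self.dropping = False   # True between hitting the limit and falling below 9900
        self.dropped = 0        # count of discarded posture events

    def is_ignored(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.ignored)

    def ingest(self, ip, host_id, os_name):
        """Process one host posture event; return what happened to it."""
        if self.is_ignored(ip):
            return "ignored"
        if self.dropping:
            # Assumption: while dropping, every incoming event is discarded.
            self.dropped += 1
            return "dropped"
        if ip in self.records:
            # IP address conflict (DHCP lease change, wireless roaming):
            # the most recent posture event is presumed accurate.
            self.records[ip] = (host_id, os_name)
            return "replaced"
        if len(self.records) >= RECORD_LIMIT:
            self.dropping = True
            self.dropped += 1
            return "dropped"
        self.records[ip] = (host_id, os_name)
        return "stored"

    def remove(self, ip):
        """Assumed removal path (expiry, manual clear); not described in the guide."""
        self.records.pop(ip, None)
        if self.dropping and len(self.records) < RESUME_BELOW:
            self.dropping = False


def sample_ips(count, start="10.0.0.0"):
    """Constructed sample addresses, one per simulated host."""
    base = int(ipaddress.ip_address(start))
    return [str(ipaddress.ip_address(base + i)) for i in range(count)]


if __name__ == "__main__":
    store = HostPostureStore(ignored_ranges=["10.99.0.0/16"])
    ips = sample_ips(RECORD_LIMIT + 1)
    for i, ip in enumerate(ips):
        outcome = store.ingest(ip, f"host-{i}", "constructed-os")
    print("event 10,001:", outcome, "| stored:", len(store.records))
    for ip in ips[:100]:
        store.remove(ip)
    print("at 9900 records, still dropping:", store.dropping)
    store.remove(ips[100])
    print("at 9899 records, still dropping:", store.dropping)
```

The gap between the two thresholds means a sensor that has hit the limit keeps discarding events until at least 101 records are gone, not just one.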
| Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 |
E-20 | OL-24002-01 |