Page 327
Appendix E Troubleshooting
Troubleshooting the Appliance
•You can configure a maximum of two external product devices.
For More Information
•For more information on working with OS maps and identifications, refer to Adding, Editing, Deleting, and Moving Configured OS Maps and Adding, Editing, Deleting, and Moving Configured OS Maps.
•For the procedure for adding trusted hosts, refer to Adding TLS Trusted Hosts.
External Product Interfaces Troubleshooting Tips
To troubleshoot external product interfaces, check the following:
•Make sure the interface is active by checking the output from the show statistics external-product-interfacecommand in the CLI, or choose .
•Make sure you have added the CSA MC IP address to the trusted hosts. If you forgot to add it, add it, wait a few minutes and then check again.
•Confirm subscription login information by opening and closing a subscription on the CSA MC using the browser.
•Check the Event Store for the CSA MC subscription errors.
For More Information
•For the procedure for adding trusted hosts, refer to Adding TLS Trusted Hosts.
•For the procedure for displaying events, refer to Displaying Events.
Troubleshooting the Appliance
This section contains information to troubleshoot the appliance. It contains the following topics:
•The Appliance and Jumbo Packet Frame Size, page E-22
•Hardware Bypass and Link Changes and Drops, page E-22
•Troubleshooting Loose Connections, page E-22
•Analysis Engine is Busy, page E-23
•Communication Problems, page E-23
•Communication Problems, page E-23
•The SensorApp and Alerting, page E-28
•Blocking, page E-35
•Logging, page E-44
•TCP Reset Not Occurring for a Signature, page E-50
•Software Upgrades, page E-51
Tip Before troubleshooting the appliance, check the Caveats section of the Readme for the software version you have installed on your sensor to see if you are dealing with a known issue.
| | Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 | | | |
| | |
| OL-24002-01 | | | E-21 | |
| | | |
Contents
Text Part Number OL-24002-01
Americas Headquarters
Page
Iii
N T E N T S
Verifying the Sensor is Synchronized with the NTP Server
Accessories
Understanding the Power Supplies
Vii
Removing and Installing the Fan Module
Viii
Logging In to the ASA 5500 AIP SSP A-4
Obtaining and Installing the License Key Using the CLI C-11
Supported MIBs
Verifying the Master Blocking Sensor Configuration E-42
Statistics Information E-88
Xiii
10/100BaseT and 10/100/1000BaseT Connectors F-1
Xiv
Audience
Contents
Xvi
Comply with Local and National Electrical Codes
Organization
Section Title Description
Xvii
Xviii
Conventions
Related Documentation
Convention Indication
Xix
Obtaining Documentation and Submitting a Service Request
OL-24002-01
Capturing Network Traffic
How the Sensor Functions
Comprehensive Deployment Solutions
Tuning the IPS
Your Network Topology
Correctly Deploying the Sensor
Sensor Interfaces
Understanding Sensor Interfaces
For More Information
Sensor Command and Control Interface
Command and Control Interface
Interfaces Not
Sensing Interfaces
Interface Support
IPS Management 0/0
Combinations Supporting Command and Control
2SX
4GE-BP
Interfaces Not
OL-24002-01
Sensor Alternate TCP Reset Interface
TCP Reset Interfaces
IPS Any sensing interface
Interface Restrictions
Introducing the Sensor How the Sensor Functions
Interface Modes
IPv6, Switches, and Lack of Vacl Capture
Promiscuous Mode
Set span 930, 932, 960, 962 4/1-4 both
Inline Interface Pair Mode
3illustrates inline interface pair mode
Inline Vlan Pair Mode
Deploying Vlan Groups
Vlan Group Mode
IPS-2SX-INT=
Supported Sensors
Model Name Part Number Optional Interfaces Appliances
IPS-4GE-BP-INT=
Modules
IPS Appliances
Introducing the IPS Appliance
Exit Wr mem
Connecting an Appliance to a Terminal Server
Config t
Appliance Restrictions
ASA IPS Modules
Time Sources and the Sensor
Sensor and Time Sources
IPS Standalone Appliances
Generate the host statistics
Verifying the Sensor is Synchronized with the NTP Server
Correcting the Time on the Sensor
Log in to the sensor
For More Information
OL-24002-01
Installation Preparation
Preparing the Appliance for Installation
Safety Recommendations
Safety Guidelines
Electricity Safety Guidelines
Preventing Electrostatic Discharge Damage
Copper foil
Working in an ESD Environment
Preventive Site Configuration
General Site Requirements
Site Environment
Configuring Equipment Racks
Power Supply Considerations
Installation Notes and Caveats
Installing the IPS 4240 and IPS
Product Overview
Indicator Description
Front and Back Panel Features
Power
Specifications
Indicator Color Description
Dimensions and Weight
Connecting the IPS 4240 to a Cisco 7200 Series Router
Accessories
Environment
Rack Mounting
Installing the IPS 4240 and IPS
148406
Attach the network cables
Installing the IPS 4240-DC
148401
148405
For More Information
OL-24002-01
Installing the IPS
Installing the IPS Product Overview
Supported Interface Cards
4GE Bypass Interface Card
2SX Interface Card
10GE Interface Card
Hardware Bypass
4GE Bypass Interface Card
Hardware Bypass Configuration Restrictions
Hardware Bypass and Link Changes and Drops
IPS 4260 Front Panel Features
5shows the back view of the IPS
3lists the power supply indicator
4lists the specifications for the IPS
Color Description
Installing the IPS Accessories
Installing the IPS 4260 in a 4-Post Rack
153315
153317
Installing the IPS 4260 in a 2-Post Rack
153322
Installing the IPS
153309
Power on the IPS
Removing and Replacing the Chassis Cover
Sensor# reset powerdown
Installing and Removing Interface Cards
153312
Installing and Removing the Power Supply
Installing the IPS Installing and Removing the Power Supply
For More Information
OL-24002-01
Installing the IPS
Product Overview
WWW
2shows the 4GE bypass interface card
3shows the 2SX interface card
4GE Bypass Interface Card
Hardware Bypass and Link Changes and Drops
6shows the front panel switches and indicators
Front Panel Switches and Indicators
7shows the back view of the IPS
2describes the Ethernet port indicators
Indicator Indicator Green Description
Power Indicator Description Amber Green
Off Flashing AC power present Standby mode Normal
9shows the internal components
Indicator Component
Diagnostic Panel
5lists the specifications for the IPS
Understanding the Rail System Kit
Installing the Rail System Kit
Space and Airflow Requirements
Rail System Kit Contents
Repeat for each chassis side rail
Installing the IPS 4270-20 in the Rack
250221
250207
250208
250209
Repeat for each slide assembly
Extend the slide assemblies out of the rack
250212
Extending the IPS 4270-20 from the Rack
Install the electrical cables at the back of the IPS
250222
Installing the Cable Management Arm
PS1 UID Console
250215
250216
Converting the Cable Management Arm
250218
250219
250220
Installing the IPS
RJ-45 to DB-9 adapter RJ-45 to DB-9 serial cable Null-modem
Sensing
Removing and Replacing the Chassis Cover
Sensor# reset powerdown
Slide the chassis cover back and up to remove it
Lift up the cover latch on the top of the chassis
Accessing the Diagnostic Panel
Step
250204
Installing and Removing the Power Supply
PS1
Remove the power supply by pulling it away from the chassis
PCI-E x4 4
Lock the power supply handle
12 Fan, Connector, and Indicator
Installing and Removing Fans
250203
Troubleshooting Loose Connections
Installing the IPS 4345 and IPS
Dimensions and Weight IPS
1lists the specifications for the IPS 4345 and the IPS
Installing the IPS 4345 and IPS Specifications
IPS 4345 Packing Box Contents
IPS 4360 Packing Box Contents
Power button Indicators
Active
Boot
Alarm
PS0
HD1 HD2
3describes the rear Mgmt and network interface indicators
7shows the back panel features of the IPS
Rack-Mounting Guidelines
Rack Mount Installation
Removing the Brackets from the Front of the Chassis
Installing the IPS 4345 in a Rack
10 Rack-Mounting the Chassis
Installing the Appliance on the Network
Management 0/0 port RJ-45 Ethernet cable
92685
Understanding the Power Supplies
Removing and Installing the Power Supply
11 AC Power Supply and DC Power Supply
Indicator Color and State Description
Removing and Installing the AC Power Supply
12 Removing the Slot Cover
PS0PS1
Installing DC Input Power
16 IPS 4345 Back Panel
Fixed fan Fixed DC power supply
Statement
We recommend that you strip the wire to 0.27 inch 7 mm
Negative lead wire Ground lead wire Positive + lead wire
20shows the DC power supply with lead wires
Gently pull the wires out of the power supply
Removing and Installing the DC Power Supply
24 Removing the DC Power Supply
Installing the IPS 4510 and IPS
IDM
IME
Not supported at this time
PWR Boot Alarm ACT VPN PS1 PS0
HDD1 HDD2
PWR
Back panel
OUT Fail
FAN OK
Green-AC power cord connected and AC
Indicates status of power supply module
Off-No AC power cord connected or AC
Power switch off
SFP
Installing the IPS 4510 and IPS Accessories
Memory Configurations
Power Supply Module Requirements
Supported SFP/SFP+ Modules
Installing the IPS 4510 and IPS
1G SFP Module
10G SFP+ Module
Install the SFP/SFP+ module
Connect one RJ-45 connector to the Management 0/0 interface
Connect one end of the LC cable to the SFP/SFP+ module
Removing and Installing the Core IPS SSP
331818
Removing and Installing the Power Supply Module
Tighten the captive screws
Removing and Installing the Fan Module
Installing the Slide Rail Kit Hardware
344202
Installing and Removing the Slide Rail Kit
Installing the Chassis in the Rack
Package Contents
Square Studs for Square Hole Post
Securing the Slide Rail to the Rack Post
10 Installing the #10-32 Cage Nuts
11 Installing the Chassis on the Outer Rail
12 Securing the Chassis to the Outer Rail
Pull out the chassis to the locked position
Removing the Chassis from the Rack
14 Pressing Down the Release Hook
Rack-Mounting the Chassis Using the Fixed Rack Mount
331821
331822
Reattach the power cable to the sensor Power on the sensor
16 Cable Management Brackets for the Fixed Rack Mount
Installing the Cable Management Brackets
17 Cable Management Brackets for the Slide Rail
IPS 4500 Series Sensors and the SwitchApp
Installing and Removing the ASA 5500 AIP SSM
CIS
DMZ Configuration
Memory Specifications
Specification Description
Hardware and Software Requirements
Color State Description
Indicators
Installation and Removal Instructions
Installing the ASA 5500 AIP SSM
Insert the ASA 5500 AIP SSM through the slot opening
Removing the ASA 5500 AIP SSM
Verifying the Status of the ASA 5500 AIP SSM
Asa# hw-module module 1 reset
Installing and Removing the ASA 5585-X IPS SSP
ASA 5585-X SSP-10 With IPS SSP-10
Introducing the ASA 5585-X IPS SSP
ASA 5585-X SSP-60 With IPS SSP-60
1lists the specifications for the ASA 5585-X IPS SSP
ASA 5585-X SSP-20 With IPS SSP-20
ASA 5585-X SSP-40 With IPS SSP-40
1shows the front view of the IPS SSP-10 and IPS SSP-20
Front Panel Features
2shows the front view of IPS SSP-40 and IPS SSP-60
PWR Boot Alarm ACT VPN PS1 PS0 HDD1 HDD2
3shows the front panel indicators
Green-VPN tunnel is established
Indicates the status of an HA pair
Green-Status of an HA pair
Indicates whether a VPN tunnel has been established
Memory Requirements
3shows the Ethernet port indicators
SFP/SFP+ Modules
Installing the ASA 5585-X IPS SSP
Power off the ASA
Remove the power cable from the ASA
ASA 5585-X IPS SSP
Installing SFP/SFP+ Modules
Connect one end of the LC cable to the SFP/SFP+
Verifying the Status of the ASA 5585-X IPS SSP
Verify the status of the ASA 5585-X IPS SSP
Removing and Replacing the ASA 5585-X IPS SSP
ASA 5585-X IPS SSP Ejection levers
For More Information
OL-24002-01
Supported User Roles
Logging In to the Sensor
Logging In to the Appliance
Connecting an Appliance to a Terminal Server
Asa# session
Logging In to the ASA 5500 AIP SSP
Asa# session ips
Logging In to the ASA 5500-X IPS SSP
Logging In to the ASA 5585-X IPS SSP
Logging In to the Sensor
OL-24002-01
Understanding Initialization
Initializing the Sensor
System Configuration Dialog
Simplified Setup Mode
Use Http proxy server for Global Correlation?no
Appendix B Initializing the Sensor Basic Sensor Setup
Basic Sensor Setup
Appendix B Initializing the Sensor Basic Sensor Setup
Following configuration was entered
Advanced Setup for the Appliance
Advanced Setup
Enter 1 to edit the interface configuration
Enter a subinterface number and description
Enter numbers for Vlan 1
Press Enter to return to the available interfaces menu
Enter 3 to add inline Vlan pair GigabitEthernet0/01
Enter 2 to edit the virtual sensor configuration
Enter 2 to modify the virtual sensor configuration, vs0
Press Enter to return to the top-level editing menu
Host-ip 192.168.1.2/24,192.168.1.1
Enter 2 to save the configuration
Reboot the appliance
Enter yes to continue the reboot
Advanced Setup for the ASA 5500 AIP SSM
Enter a name and description for your virtual sensor
Enter 2 to modify the virtual sensor vs0 configuration
Modify default threat prevention settings?no
Aip-ssm#show tls fingerprint
Reboot the ASA 5500 AIP SSM
Advanced Setup for the ASA 5500-X IPS SSP
Enter 2 to create a signature-definition configuration file
Host-name asa-ips
Asa-ips#show tls fingerprint
Reboot the ASA 5500-X IPS SSP
Advanced Setup for the ASA 5585-X IPS SSP
Enter 2 to edit the virtual sensor configuration
Modify default threat prevention settings?no
Reboot the ASA 5585-X IPS SSP
Verifying Initialization
Ips-ssp#show tls fingerprint
View your configuration
Sensor# show tls fingerprint
Display the self-signed X.509 certificate needed by TLS
Downloading Cisco IPS Software
Obtaining Cisco IPS Software
IPS 7.1 Files
Enter your username and password
IPS Software Versioning
Major Update
Minor Update
Service Pack
IPS-identifier-K9-x.y-za or p1-E1.pkg
Signature Update
Recovery and System Image Files
Signature Engine Update
IPS Software Release Examples
Documentation is on this
Accessing IPS Documentation
Obtaining a License Key From Cisco.com
Cisco Security Intelligence Operations
Understanding Licensing
Service Programs for IPS Products
OL-24002-01
Obtaining and Installing the License Key Using the CLI
OL-24002-01
CLI
Verify the sensor is licensed
Obtaining a License for the IPS
Sensor# erase license-key
Uninstalling the License Key
Verify the sensor key has been uninstalled
Licensing the ASA 5500-X IPS SSP
MainApp 2012APR26074571468 Release
System Image Notes and Caveats
Upgrading, Downgrading, and Installing System Images
Supported FTP and HTTP/HTTPS Servers
Upgrades, Downgrades, and System Images
Manually Upgrading the Sensor
IPS 7.1 Upgrade Files
Upgrade Notes and Caveats
Upgrading the Sensor
Upgrading the Sensor
Upgrade the sensor
Enter the password when prompted
Enter yes to complete the upgrade
Verify your new sensor version
Enter the server password. The upgrade process begins
Configuring Automatic Upgrades
Upgrading the Recovery Partition
Upgrade the recovery partition
Automatically Upgrading the Sensor
Understanding Automatic Upgrades
Configuring Automatic Upgrades
On Cisco.com. Continue with Step
Specify the username for authentication
Specify the password of the user
Verify the settings
Exit automatic upgrade submode
Downgrading the Sensor
Press Enter to apply the changes or type no to discard them
Sensorconfig# recover application-partition
Recovering the Application Partition
Recovering the Application Partition Image
Recover the application partition image
Rommon
Installing System Images
Tftp Servers
Installing the IPS 4270-20 System Image
Rommon
Installing the IPS 4345 and IPS 4360 System Images
Download and install the system image
Boot IPS
IMAGE= CONFIG=
Rommon IMAGE=systemimages/IPS-4345-K9-sys-1.1-a-7.1-3-E4.img
Assign the Tftp server IP address
Installing the IPS 4510 and IPS 4520 System Image
If necessary, assign the Tftp server IP address
Installing the ASA 5500-X IPS SSP System Image
Image the ASA 5500-X IPS SSP
Periodically check the recovery until it is complete
Asa enable
Asa# sw-module module ips recover boot
Installing the ASA 5585-X IPS SSP System Image
Example
Configure the recovery settings for the ASA 5585-X IPS SSP
Specify the default gateway of the ASA 5585-X IPS SSP
Specify the Tftp URL for the software image
Installing the ASA 5585-X IPS SSP System Image Using Rommon
Cisco Systems
Boot the ASA 5585-X IPS SSP
If necessary, assign the Tftp server IP address
For More Information
Preventive Maintenance
Troubleshooting
Sensor# more backup-config
Understanding Preventive Maintenance
Creating and Using a Backup Configuration File
Sensor# copy current-config backup-config
Sensor# copy /erase backup-config current-config
Restoring the Current Configuration From a Backup File
Backing Up the Current Configuration to a Remote Server
Creating the Service Account
Exit configuration mode
Sensorconfig# user username privilege service
Appendix E Troubleshooting Disaster Recovery
Disaster Recovery
ASA 5500-X IPS SSP
Recovering the Password
Understanding Password Recovery
Platform Description Recovery Method
Recovering the Password for the Appliance
Using the Grub Menu
Using Rommon
Sample Rommon session
Recovering the ASA 5500-X IPS SSP Password
Enter the following commands to reset the password
Confreg 0x7 boot
Session to the ASA 5500-X IPS SSP
Enter your new password twice
Recovering the ASA 5585-X IPS SSP Password
Using the Asdm
Asa# hw-module module 1 password-reset
Session to the ASA 5585-X IPS SSP
Disabling Password Recovery Using
Disabling Password Recovery
Verifying the State of Password Recovery
Disabling Password Recovery Using the CLI
Troubleshooting Password Recovery
Sensorconfig-hos#show settings include password
Time Sources and the Sensor
Synchronizing IPS Module Clocks with Parent Device Clocks
Correcting Time on the Sensor
Advantages and Restrictions of Virtualization
CISCO-ENHANCED-MEMPOOL-MIB CISCO-ENTITY-ALARM-MIB
Supported MIBs
CISCO-CIDS-MIB
Exit analysis engine submode
When to Disable Anomaly Detection
Troubleshooting Global Correlation
Disable anomaly detection operational mode
Sensor# show version
Analysis Engine Not Responding
Analysis Engine is not running
Resolved
External Product Interfaces Issues
Troubleshooting External Product Interfaces
Troubleshooting the Appliance
External Product Interfaces Troubleshooting Tips
You can configure a maximum of two external product devices
Appliance and Jumbo Packet Frame Size
Troubleshooting Loose Connections
Communication Problems
Analysis Engine is Busy
Sensor# show statistics virtual-sensor
Cannot Access the Sensor CLI Through Telnet or SSH
More
Correcting a Misconfigured Access List
Sensor# show configuration include access-list
Duplicate IP Address Shuts Interface Down
Total Transmit Fifo Overruns = 0 sensor#
SensorApp Is Not Running
SensorApp and Alerting
Sensor# show interfaces
Physical Connectivity, SPAN, or Vacl Port Issue
OL-24002-01
Unable to See Alerts
Make sure you have Produce Alert configured
Sensor# show interfaces GigabitEthernet0/1
Sensor Not Seeing Packets
Check for alerts
Sensor# show interfaces FastEthernet0/1
Check to see that the interface is up and receiving packets
Sensor# configure terminal sensorconfig# service interface
Cleaning Up a Corrupted SensorApp Configuration
Replace the virtual sensor file
Remove the cache files
Blocking
Troubleshooting Blocking
Verify that the MainApp is running
Verifying ARC is Running
Sensor# show events error 000000 Apr 01 2011 include nac
If the ARC is not connecting, look for recurring errors
Make sure you have the latest software updates
Sensor# show events error hhmmss month day year include nac
For More Information
Device Access Issues
Sensor config# service network-access
Verify the IP address for the managed devices
Start the manual block of the bogus host IP address
Sensorconfig# service network-access
Router
Enter ARC general submode
Enabling SSH Connections to the Network Device
Enable SSH-3DES
Type yes when prompted to accept the device
Blocking Not Occurring for a Signature
Exit signature definition submode
Verifying the Master Blocking Sensor Configuration
Exit network access general submode
Enable debug logging for all zones
Logging
Enabling Debug Logging
Turn on individual zone control
Exit master zone control
View the zone names
Turn on debugging for a particular zone
Sensorconfig-log#zone-control nac severity debug
Press Enter to apply changes or type no to discard them
Exit the logger submode
Zone Name Description
To learn more about the IPS Logger service, refer to Logger
Zone Names
Table E-2lists the debug logger zone names
Directing cidLog Messages to SysLog
Sensor# show events alert
TCP Reset Not Occurring for a Signature
Upgrading and Analysis Engine
Software Upgrades
Issues With Automatic Update
Which Updates to Apply and Their Prerequisites
Updating a Sensor with the Update Stored on the Sensor
Cannot Launch IDM Loading Java Applet Failed
Troubleshooting the IDM
Delete the temp files and clear the history in the browser
Cannot Launch the IDM-the Analysis Engine Busy
Signatures Not Producing Alerts
Troubleshooting the IME
Troubleshooting the ASA 5500 AIP SSM
Not Supported Error Message
Time Synchronization on the IME and the Sensor
Reset
Health and Status Information
Show module
Asaconfig# hw-module module 1 recover configure
Failover Scenarios
ASA 5500 AIP SSM and the Normalizer Engine
ASA 5500 AIP SSM and the Data Plane
ASA 5500 AIP SSM and Jumbo Packet Frame Size
ASA 5500 AIP SSM and Jumbo Packets
Two ASA 5500-Xs in Fail-Open Mode
Troubleshooting the ASA 5500-X IPS SSP
Single ASA 5500-X in Fail-Open Mode
Single ASA 5500-X in Fail-Close Mode
Asa# show module ips details
Two ASA 5500-Xs in Fail-Close Mode
Asa-ips#debug module-boot
Appendix E
Mod-ips 351 Freeing SMP alternatives 29k freed
Mod-ips 384 CPU L2 cache 4096K
CRS
Legacy
IRQ
ASA 5500-X IPS SSP and the Normalizer Engine
Platform Yellow Red Memory Used
ASA 5500-X IPS SSP and Memory Usage
ASA 5500-X IPS SSP and Jumbo Packet Frame Size
ASA 5500-X IPS SSP and Jumbo Packets
Single ASA 5585-X in Fail-Open Mode
Troubleshooting the ASA 5585-X IPS SSP
Single ASA 5585-X in Fail-Close Mode
Two ASA 5585-Xs in Fail-Open Mode
Two ASA 5585-Xs in Fail-Close Mode
ABC1234DEFG
Traffic Flow Stopped on IPS Switchports
App. Status
Asaconfig# debug module-boot
Ips-ssp#hw-module module 1 recover configure
ASA 5585-X IPS SSP and the Normalizer Engine
Gathering Information
ASA 5585-X IPS SSP and Jumbo Packet Frame Size
ASA 5585-X IPS SSP and Jumbo Packets
Sensor# show health
Health and Network Security Information
This section contains the following topics
Show the health and security status of the sensor
Displaying Tech Support Information
Understanding the show tech-support Command
Tech Support Information
Displaying Tech Support Information
Tech Support Command Output
Sensor# show tech-support destination-url destinationurl
Sensor# show tech-support page System Status Report
Default Vlan = InlineMode = Unpaired
Version Information
Understanding the show version Command
Displaying Version Information
View version information
Cancel the output and get back to the CLI prompt
View configuration information
Sensor# more current-config
Statistics Information
Understanding the show statistics Command
Sensor# show statistics analysis-engine
Displaying Statistics
Transaction Source Virtual Sensor Web Server
Display the statistics for the Analysis Engine
Msrpctcp Msrpcudp
Display the statistics for anomaly detection
Display the statistics for authentication
Display the statistics for the Event Server
Display the statistics for the Event Store
Display the statistics for global correlation
Display the statistics for the host
Show statistics host
Sensor# show statistics logger
Sensor# show statistics network-access
Display the statistics for the logging application
Display the statistics for the ARC
Type = PIX
Display the statistics for the notification application
Display the statistics for OS identification
Display the statistics for the Sdee server
Display the statistics for the transaction server
Display the statistics for a virtual sensor
Sensor# show statistics transaction-server General
Packets Modified = Dropped
Display the statistics for the web server
Sensor# show statistics web-server listener-443
Sensor# show statistics logger clear
Understanding the show interfaces Command
Interfaces Information
100
Interfaces Command Output
Events Information
101
102
Understanding the show events Command
Sensor Events
Displaying Events
103
Displaying Events
Display alerts from the past 45 seconds
Display events that began 30 seconds in the past
104
105
Clearing Events
CidDump Script
Enter yes to clear the events
Usr/cids/idsRoot/bin/cidDump
Uploading and Accessing Files on the Cisco FTP Site
Enter the following command
106
Figure F-1shows the 10/100BaseT RJ-45 port pinouts
10/100BaseT and 10/100/1000BaseT Connectors
Figure F-2shows the 10/100/1000BaseT RJ-45 port pinouts
Console Port RJ-45
Signal Console Port RJ-45 Pin DB-9 Pin
RJ-45 to DB-9 or DB-25
Pin
OL-24002-01
GL-1
Method for access control in Cisco devices
Can configure the sensor to manage ACLs
Event occurred for example, the receipt of a message
GL-2
To detect worm-infected hosts
GL-3
GL-4
Certificate for one CA issued by another CA
GL-5
GL-6
Communication networks
To legitimate users
Addresses
GL-7
Than an algorithm
Dual In-line Memory Modules
A public outside network
GL-8
Procedures, and basic data transport methods
An ITU standard that governs H.245 endpoint control
GL-9
GL-10
Through network traffic analysis techniques
Tcpdump
GL-11
GL-12
GL-13
GL-14
GL-15
GL-16
GL-17
GL-18
Types of security devices
Accepts requests for events from remote clients
TCP application
GL-19
GL-20
GL-21
Local system. Telnet is defined in RFC
GL-22
GL-23
GL-24
At the IP level
Payload reassembly
Hosts
GL-25
GL-26
IN-1
Span
IN-2
Applying software updates
ARC
ASA 5500 AIP SSM
IN-3
Converting Copy backup-config Copy current-config
URL
IPS 4270-20 Clearing Events
Show events
Show health Show module 1 details
IN-4
Clearing events 1-24,E-16 No alerts Time stamp
Examples ASA failover configuration
Span configuration for IPv6 support
Types E-102 Event Store Clearing
ASA 5500-X IPS SSP ASA 5585-X IPS SSP
IDM
IME
ASA 5500 AIP SSM ASA 5500-X IPS SSP ASA 5585-X IPS SSP
IN-7
ASA 5500 AIP SSM ASA 5585-X IPS SSP
Intrusion Prevention System Manager Express. See
IME IPS
IN-8
IN-9
Fan supply modules Not supported Power supply modules
OIR
SFP/SFP+
SwitchApp Two power supply modules
Supported SFP modules
IN-10
SSH
IDS
IN-11
IN-12
Password recovery Appliances
Asdm
Rommon ASA 5585-X IPS SSP
IN-13
IN-14
RTT
IN-15
Show statistics virtual-sensor command
Appliances Port issues Specifications
With hardware bypass
TAC
Unix
IN-16
IN-17
Show interfaces command
Sensor loose connections
Tips
IN-18