A-10
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix A System Architecture
MainApp
•
VLAN
•
Participant information
•
Actions
•
Alarm traits
•
Signature
•
IP log IDs
NotificationApp determines which <evError> events to send as a trap according to the filter that you
define. You can filter based on error severity (error, fatal, and warning). NotificationApp sends the
following information from the <evError> event:
•
Originator information
•
Event ID
•
Event severity
•
Time (UTC and local time)
•
Error message
NotificationApp supports GETs for the following general health and system information from the
sensor:
•
Packet loss
•
Packet denies
•
Alarms generated
•
Fragments in FRP
•
Datagrams in FRP
•
TCP streams in embryonic state
•
TCP streams in established state
•
TCP streams in closing state
•
TCP streams in system
•
TCP packets queued for reassembly
•
Total nodes active
•
TCP nodes keyed on both IP addresses and both ports
•
UDP nodes keyed on both IP addresses and both port
•
IP nodes keyed on both IP address
•
Sensor memory critical stage
•
Interface status
•
Command and control packet statistics
•
Fail-over state
•
System uptime
•
CPU usage