Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix C Troubleshooting
Troubleshooting the 4200 Series Appliance
Step 3 If the Link Status is down, make sure the sensing port is connected properly:
a. Make sure the sensing port is connected properly on the appliance. See the chapter on your appliance in Installing Cisco Intrusion Prevention System Appliances and Modules 5.0.
b. Make sure the sensing port is connected to the correct SPAN or VACL capture port on IDSM-2. For the procedures, see Chapter 15, “Configuring IDSM-2.”
Step 4 Verify the interface configuration:
a. Make sure you have the interfaces configured properly. For the procedure, see Chapter 5, “Configuring Interfaces.”
b. Verify the SPAN and VACL capture port configuration on the Cisco switch. Refer to your switch documentation for the procedure.
Step 5 Verify again that the interfaces are up and that the packet count is increasing.
sensor# show interfaces
Unable to See Alerts
If you are not seeing alerts, try the following:
• Make sure the signature is enabled.
• Make sure the signature is not retired.
• Make sure that you have Produce Alert configured as an action.
Note If you choose Produce Alert, but come back later and add another event action and do not add Produce Alert to the new configuration, alerts are not sent to the Event Store. Every time you configure a signature, the new configuration overwrites the old one, so make sure you have configured all the event actions you want for each signature.
• Make sure the sensor is seeing packets.
• Make sure that alerts are being generated.
To make sure you can see alerts, follow these steps:
Step 1 Log in to the CLI.
Step 2 Make sure the signature is enabled:
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 1300 0
sensor(config-sig-sig)# status
sensor(config-sig-sig-sta)# show settings
status
-----------------------------------------------
enabled: true <defaulted>
retired: false <defaulted>
-----------------------------------------------
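An added example, not from the Cisco guide: a Python check that runs the first three items of the alert checklist in this section over a saved copy of the show settings output. The status block in the sample is the one shown on this page; the event-action line, its layout, and the action names in it are assumptions.

```python
# Constructed sample. The status block is copied from this page; the
# event-action line (layout and action names) is an assumption.
SAMPLE = """\
status
-----------------------------------------------
enabled: true <defaulted>
retired: false <defaulted>
-----------------------------------------------
event-action: deny-packet-inline|reset-tcp-connection
"""


def parse_settings(text):
    """Collect 'key: value' lines, dropping the <defaulted> marker."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.replace("<defaulted>", "").strip()
    return settings


def checklist_findings(text):
    """Return the checklist items from this section that the output fails."""
    s = parse_settings(text)
    findings = []
    # A missing key is reported too: absence of evidence is not a pass.
    if s.get("enabled") != "true":
        findings.append("enabled is not true")
    if s.get("retired") != "false":
        findings.append("retired is not false")
    # Each edit overwrites the action list, so test the list as it is now.
    actions = [a.strip() for a in s.get("event-action", "").split("|")]
    if "produce-alert" not in actions:
        findings.append("Produce Alert is not in the event-action list")
    return findings


if __name__ == "__main__":
    for finding in checklist_findings(SAMPLE) or ["no checklist item failed"]:
        print(finding)
```

The third finding only states that Produce Alert is absent from the list, which is the condition the Note describes after a later edit replaces the action list.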