1-16
Installing Cisco Intrusion Prevention System Appliances and Modules 5.0
78-16124-01
Chapter 1 Introducing the Sensor
Installation Preparation
–
Use NTP
You can configure AIP-SSM to get its time from an NTP time synchronization source, such as
a Cisco router other than the parent router. For the procedure, refer to
Configuring a Cisco
Router to be an NTP Server
. You will need the NTP server IP address, the NTP key ID, and the
NTP key value. You can configure AIP-SSM to use NTP during initialization or you can set up
NTP through the CLI, IDM, or ASDM.
Note
We recommend that you use an NTP time synchronization source.
Correcting the Time on the Sensor
If you set the time incorrectly, your stored events will have the incorrect time because they are stamped
with the time the event was created.
The Event Store time stamp is always based on UTC time. If during the original sensor setup, you set
the time incorrectly by specifying 8:00 p.m. rather than 8:00 a.m., when you do correct the error, the
corrected time will be set backwards. New events might have times older than old events.
For example, if during the initial setup, you configure the sensor as central time with daylight saving
time enabled and the local time is 8:04 p.m., the time is displayed as 20:04:37 CDT and has an offset
from UTC of -5 hours (01:04:37 UTC, the next day). A week later at 9:00 a.m., you discover the error:
the clock shows 21:00:23 CDT. You then change the time to 9:00 a.m. and now the clock shows 09:01:33
CDT. Because the offset from UTC has not changed, it requires that the UTC time now be 14:01:33 UTC,
which creates the time stamp problem.
To ensure the integrity of the time stamp on the event records, you must clear the event archive of the
older events by using the clear events command. For more information on the clear events command,
refer to
Clearing Events from the Event Store
.
Caution
You cannot remove individual events.
Installation Preparation
To prepare for installing sensors, follow these steps:
Step 1
Review the safety precautions outlined in
Regulatory Compliance and Safety Information for the Cisco
Intrusion Prevention System 4200 Series Appliance Sensor
.
Step 2
To familiarize yourself with the IPS and related documentation and where to find it on Cisco.com, read
Documentation Roadmap for Cisco Intrusion Prevention System 5.0
.
Step 3
Obtain the
Release Notes for Cisco Intrusion Prevention System 5.0
from Cisco.com and completely read
them before proceeding with the installation.
Step 4
Unpack the sensor.