Appendix B Troubleshooting
Gathering Information
B-68
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
nac Display NAC shun events
past Display events starting in the past specified time
status Display status events
| Output modifiers
Displaying and Clearing Events
Use the show events command to display the local event log. You can display new
events or events from a specific time or of a specific severity, and you can delete
all events.
The show events command displays the requested event types beginning at the
requested start time. If no start time is entered, the selected events are displayed
beginning at the current time. If no event types are entered, all events are
displayed. Events are displayed as a live feed. You can cancel the live feed by
pressing Ctrl-C.
Note
The show events command waits until a specified event is available. It continues
to wait and display events until you exit by pressing Ctrl-C.
To display and clear events, follow these steps:
Step 1
Log in to the CLI.
Step 2
Display new events:
sensor# show events
Use the regular expression | include shunInfo to view the shun information,
including source address, for the event.
New events are displayed as they occur.
Step 3
Display events from a specific time:
sensor# show events
hh:mm month day year
For example, show events 14:00 September 2 2002 displays all events since
2:00 p.m. September 2, 2002.
Содержание IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor
Страница 4: ......
Страница 450: ...Appendix B Troubleshooting ...