Maintaining the latest Cisco IPS software version is important to maintaining an effective security posture. To display the version of software running on a sensor, you use the show version sensor CLI command. This command displays various characteristics about the sensor, such as the following:

- Sensor uptime
- Recovery partition software version
- Current sensor software version
- Previous sensor software version

The show configuration sensor CLI command displays the current configuration of the sensor. The configuration is divided into the following service categories that correspond to the global configuration service CLI command:

- analysis-engine
- authentication
- event-action-rules
- host
- interface
- logger
- network-access
- notification
- signature-definition
- ssh-known-hosts
- trusted-certificates
- web-server

The show inventory command shows the Product Evolution Program (PEP) information, such as the following:

The operational statistics fall into the following categories (specified as keywords on the show statistics command):

- analysis-engine
- authentication
- denied-attackers
- event-server
- event-store
- host
- logger
- network-access
- notification
- sdee-server
- transaction-server
- transaction-source
- virtual-sensor
- web-server

You can view this information by using the show statistics CLI command.

Through the CLI, you can view events generated on the sensor by using the show events command. This command enables you to selectively display events based on the keywords shown in Table 12-7.

Table 12-7. show events Command Keywords

Keyword | Description |
---|---|
alert | Displays local system alerts |
error | Displays error events |
log | Displays log events |
nac | Displays Network Access Controller (NAC) blocking events |
status | Displays status events |

Appending the | character (known as a pipe in UNIX terminology) to many CLI commands enables you to limit the output when you use one of the keywords shown in Table 12-8.

Table 12-8. show events Output Keywords

Keyword | Description |
---|---|
begin | Begins displaying events with a line that matches the specified criteria |
include | Includes only events that match the specified criteria |
exclude | Excludes any events that match the specified criteria |

Besides using the CLI, you can use IDM to display sensor events. When choosing the time frame for events in IDM, you can choose one of the following options:

- All events in the Event Store
- Events a specified number of hours or minutes in the past
- Events in a specified date and time range

Using the show interfaces CLI command, you can check the status of the interfaces on your IPS sensor. The packet capture and packet display CLI commands enable you to capture packets on specific sensor interfaces.

Using the show tech-support command, you can display a comprehensive list of status and system information about your sensor. This command consolidates the output from the following commands and other data sources:

- show configuration
- show version
- Debug logs
- XML configuration files

The IDM diagnostic report provides the same information as the show tech-support CLI command.

You can configure SNMP access to your sensor by using the service notification sensor CLI global configuration command, which has the options listed in Table 12-9.

Table 12-9. service notification Configuration Parameters

Keyword | Description |
---|---|
enable-detail-traps | Removes the size limits on traps sent, as opposed to those in sparse mode (fewer than 484 bytes) |
enable-notifications | Enables (or disables) SNMP event notifications |
enable-set-get | Enables (or disables) the ability of your management software to use SNMP sets and gets |
error-filter | Enables you to determine which errors generate SNMP traps (options are warning, error, and fatal) |
read-only-community | Sets the read-only community name string |
read-write-community | Sets the read-write community name string |
snmp-agent-port | Sets the port at which the SNMP agent will listen for requests from your management software |
snmp-agent-protocol | Determines whether SNMP requests use TCP or UDP |
system-contact | Identifies the contact information for the sensor |
system-location | Identifies the location of the sensor |
trap-community-name | Specifies the name used when sending traps if no name is specified when defining trap destinations |
trap-destinations | IP address to receive generated traps |
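
The following is an added example, not taken from the original text or from Cisco: a Python review of the service notification parameters in Table 12-9, run over a constructed configuration excerpt. The flat keyword/value layout with exit-terminated blocks, the true/false values, and the function names parse_notification and audit_snmp are assumptions of this example.

```python
# Added example: review the SNMP (service notification) keywords of Table 12-9.
# Assumed layout: "keyword value" lines, "exit" closes a block, trap-destinations nests.
WEAK_COMMUNITIES = {"public", "private"}  # widely known SNMP community strings
SAMPLE = """\
! constructed sample, not real sensor output
service notification
trap-destinations 192.0.2.10
trap-community-name public
exit
enable-notifications true
enable-set-get true
read-only-community public
exit
service web-server
port 443
exit
"""

def parse_notification(config_text):
    # Collect {keyword: [values]} from the service notification block only.
    settings, in_block, depth = {}, False, 0
    for line in (raw.strip() for raw in config_text.splitlines()):
        if not line or line.startswith("!"):
            continue
        if not in_block:
            in_block = line == "service notification"
        elif line == "exit":
            if depth == 0:
                break  # end of the notification block; ignore later services
            depth -= 1
        else:
            key, _, value = line.partition(" ")
            settings.setdefault(key, []).append(value.strip())
            depth += key == "trap-destinations"  # nested block needs its own exit
    return settings

def audit_snmp(settings):
    findings = []
    for key in ("read-only-community", "read-write-community", "trap-community-name"):
        for value in settings.get(key, []):
            if value.lower() in WEAK_COMMUNITIES:
                findings.append(f"{key}: well-known community string '{value}'")
    if settings.get("enable-set-get", ["false"])[-1] == "true":
        findings.append("enable-set-get: SNMP sets and gets are enabled")
        if "read-write-community" not in settings:
            findings.append("read-write-community: not set explicitly")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_snmp(parse_notification(SAMPLE))))
```

Each finding names the Table 12-9 keyword to revisit; a configuration with set/get disabled and non-default community strings produces no findings.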