Like other Cisco router features, IDS services allow for the display of various parameters using show commands. You can also debug IDS services using debugging commands, and you can reset IDS parameters using the clear commands.

Show Commands

The show commands to display IDS parameters are clear-cut. You use the show ip audit configuration command to display parameters that you have configured along with default IDS parameters. Figure 6.9 shows the use of this command.

Figure 6.9. show ip audit configuration command.

Use the show ip audit interface command to display the interface or interfaces that you have applied your IDS policies to. Figure 6.10 shows the use of this command.

Figure 6.10. show ip audit interface command.

Use the show ip audit statistics command to display statistical information, such as the number of events fired and the number of packets inspected by IDS. Some of the other useful IDS show commands are show ip audit all, which you use to display all available IDS information, and show ip audit sessions, which you use to display IDS session information.

Debug Commands

Debugging can be helpful when you need to troubleshoot your IDS configuration. Cisco has a number of debug commands available for use with IDS. Some of the more important IDS debug commands follow:

debug ip audit detailed
debug ip audit ip
debug ip audit smtp
debug ip audit tcp
debug ip audit udp

Clear Commands

There are two clear commands available with IDS. The clear ip audit configuration command deletes all of the IDS configuration that you have entered and disables the IDS services on the router. Any memory or other resources that are being used by IDS are also freed. The clear ip audit statistics command is not as heinous as the previous clear command. If you simply need to reset the statistics being tracked by the router for IDS, issue the clear ip audit statistics command.