Chapter 18. Troubleshooting IDM and IDS/IPS Management Console (IDS/IPS MC)
To take advantage of the full functionality of intrusion detection system (IDS/IPS) sensors, you need two pieces of software: a management utility for configuring the sensor, and a reporting utility for viewing alarms generated by the sensor. The IDS/IPS sensors come loaded with an Intrusion Detection Manager (IDM) for configuration. For alarm viewing, the Intrusion Detection Event Viewer (IEV) can be downloaded free of charge (IEV is discussed in detail in Chapter 22, "Troubleshooting IEV and Security Monitors"). In summary, IDM is the management piece, and IEV is the reporting tool for small deployments (typically 1-2 sensors). With IDM, you can configure only one sensor, so it does not scale well for large deployments. Hence, IDS/IPS Management Console (IDS/IPS MC), which is a component of VPN and Security Management Solution (VMS), is used to manage multiple sensors, and Security Monitor is used as a reporting tool for multiple sensors (IEV can be used for up to 5 sensors). This chapter delves into the details of the management utilities and presents comprehensive troubleshooting steps for IDM and the IDS/IPS MC on the Windows platform.