Chapter 22. Troubleshooting IEV and Security Monitors

The Security Monitor (also known as SecMon) is a component that is installed on top of CiscoWorks Common Services (see Chapter 17, "Troubleshooting CiscoWorks Common Services," for more details) to receive events, generate reports, and perform correlations. If you have more than three sensors, it is desirable to use a Security Monitor. However, with fewer than three sensors, you can use Intrusion Detection Event Viewer (IEV), which can be downloaded free. In addition to getting events from the IDS sensor (for example, sensor appliance, IOS IPS and so on), Security Monitor can also receive syslog messages from various devices such as Cisco Secure Private Internet Exchange (PIX) firewall, IOS Router, and so on. This additional capability motivates Security Administrators to deploy Security Monitor even with fewer than three sensors in the network. However, as Security Monitor is used primarily for receiving events and generating reports for IDS/IPS sensor, this chapter focuses primarily on how to configure and troubleshoot IDS/IPS-related issues with IEV and Security Monitor.

Cisco Network Security Troubleshooting Handbook
Cisco Network Security Troubleshooting Handbook
ISBN: 1587051893
EAN: 2147483647
Year: 2006
Pages: 190
Authors: Mynul Hoda

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: