Foundation Summary


Maintaining the latest Cisco IPS software version is important to maintaining an effective security posture. To display the version of software running on a sensor, you use the show version sensor CLI command. This command displays various characteristics about the sensor, such as the following:

  • Sensor uptime

  • Recovery partition software version

  • Current sensor software version

  • Previous sensor software version

The show configuration sensor CLI command displays the current configuration of the sensor. The configuration is divided into the following service categories that correspond to the global configuration service CLI command:

  • analysis engine

  • authentication

  • event-action-rules

  • host

  • interface

  • logger

  • network-access

  • notification

  • signature-definition

  • ssh-known-hosts

  • trusted-certificates

  • web-server

The show inventory command shows the Product Evolution Program (PEP) information, such as the following:

  • Orderable Product ID (PID)

  • Version ID (VID)

  • Serial Number (SN)

The operational statistics fall into the following categories (specified as keywords on the show statistics command):

  • analysis-engine

  • authentication

  • denied-attackers

  • event-server

  • event-store

  • host

  • logger

  • network-access

  • notification

  • sdee-server

  • transaction-server

  • transaction-source

  • virtual-sensor

  • web-server

You can view this information by using the show statistics CLI command.

Through the CLI, you can view events generated on the sensor by using the show events command. This command enables you to selectively display events based on the keywords shown in Table 12-7.

Table 12-7. show events Command Keywords

Keyword

Description

alert

Displays local system alerts

error

Displays error events

log

Displays log events

nac

Displays Network Access Controller (NAC) blocking events

status

Displays status events


Appending the | character (known as a pipe in UNIX terminology) to many CLI commands enables you to limit the output when you use one of the keywords shown in Table 12-8.

Table 12-8. show events Output Keywords

Keyword

Description

begin

Begins displaying events with a line that matches the specified criteria

include

Includes only events that match the specified criteria

exclude

Excludes any events that match the specified criteria


Besides using the CLI, you can use IDM to display sensor events. When choosing the time frame for events in IDM, you can choose one of the following options:

  • All events in the Event Store

  • Events a specified number of hours or minutes in the past

  • Events in a specified date and time range

Using the show interfaces CLI command, you can check the status of the interfaces on your IPS sensor. The packet capture and packet display CLI commands enable you to capture packets on specific sensor interfaces.

Using the show tech-support command, you can display a comprehensive list of status and system information about your sensor. This command consolidates the output from the following commands and other data sources:

  • show configuration

  • show version

  • Debug logs

  • XML configuration files

The IDM diagnostic report provides the same information as the show tech-support CLI command.

You can configure SNMP access to your sensor by using the service notification sensor CLI global configuration command, which has the options listed in Table 12-9.

Table 12-9. service notification Configuration Parameters

Keyword

Description

enable-detail-traps

Removes the size limits on traps sent, as opposed to those in sparse mode (fewer than 484 bytes)

enable-notifications

Enables (or disables) SNMP event notifications

enable-set-get

Enables (or disables) the ability of your management software to use SNMP sets and gets

error-filter

Enables you to determine which errors generate SNMP traps (options are warning, error, and fatal)

read-only-community

Sets the read-only community name string

read-write-community

Sets the read-write community name string

snmp-agent-port

Sets the port at which the SNMP agent will listen for requests from your management software

snmp-agent-protocol

Determines whether SNMP requests use TCP or UDP

system-contact

Identifies the contact information for the sensor

system-location

Identifies the location of the sensor

trap-community-name

Specifies the name used when sending traps if no name is specified when defining trap destinations

trap-destinations

IP address to receive generated traps




CCSP IPS Exam Certification Guide
CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net