Foundation Summary

Maintaining the latest Cisco IPS software version is important to maintaining an effective security posture. To display the version of software running on a sensor, use the show version command in the sensor CLI. This command displays various characteristics of the sensor, such as the following:

  • Sensor uptime

  • Recovery partition software version

  • Current sensor software version

  • Previous sensor software version

The show configuration command in the sensor CLI displays the current configuration of the sensor. The configuration is divided into the following service categories, which correspond to the service command in global configuration mode:

  • analysis-engine

  • authentication

  • event-action-rules

  • host

  • interface

  • logger

  • network-access

  • notification

  • signature-definition

  • ssh-known-hosts

  • trusted-certificates

  • web-server

The show inventory command shows the Product Evolution Program (PEP) information, such as the following:

  • Orderable Product ID (PID)

  • Version ID (VID)

  • Serial Number (SN)

The operational statistics fall into the following categories (specified as keywords on the show statistics command):

  • analysis-engine

  • authentication

  • denied-attackers

  • event-server

  • event-store

  • host

  • logger

  • network-access

  • notification

  • sdee-server

  • transaction-server

  • transaction-source

  • virtual-sensor

  • web-server

You can view this information by using the show statistics CLI command.

Through the CLI, you can view events generated on the sensor by using the show events command. This command enables you to selectively display events based on the keywords shown in Table 12-7.

Table 12-7. show events Command Keywords

Displays local system alerts

Displays error events

Displays log events

Displays Network Access Controller (NAC) blocking events

Displays status events

Appending the | character (known as a pipe in UNIX terminology) to many CLI commands enables you to limit the output when you use one of the keywords shown in Table 12-8.

Table 12-8. show events Output Keywords

Begins displaying events with a line that matches the specified criteria

Includes only events that match the specified criteria

Excludes any events that match the specified criteria

Besides using the CLI, you can use IDM to display sensor events. When choosing the time frame for events in IDM, you can choose one of the following options:

  • All events in the Event Store

  • Events a specified number of hours or minutes in the past

  • Events in a specified date and time range

Using the show interfaces CLI command, you can check the status of the interfaces on your IPS sensor. The packet capture and packet display CLI commands enable you to capture packets on specific sensor interfaces.

Using the show tech-support command, you can display a comprehensive list of status and system information about your sensor. This command consolidates the output from the following commands and other data sources:

  • show configuration

  • show version

  • Debug logs

  • XML configuration files

The IDM diagnostic report provides the same information as the show tech-support CLI command.

You can configure SNMP access to your sensor by using the service notification command in the sensor CLI's global configuration mode, which has the options listed in Table 12-9.

Table 12-9. service notification Configuration Parameters

Removes the size limits on traps sent, as opposed to those in sparse mode (fewer than 484 bytes)

Enables (or disables) SNMP event notifications

Enables (or disables) the ability of your management software to use SNMP sets and gets

Enables you to determine which errors generate SNMP traps (options are warning, error, and fatal)

Sets the read-only community name string

Sets the read-write community name string

Sets the port at which the SNMP agent will listen for requests from your management software

Determines whether SNMP requests use TCP or UDP

Identifies the contact information for the sensor

Identifies the location of the sensor

Specifies the name used when sending traps if no name is specified when defining trap destinations

IP address to receive generated traps

CCSP IPS Exam Certification Guide
ISBN: 1587201461
EAN: 2147483647
Year: 2004
Pages: 119
Authors: Earl Carter