Administering the Cisco IDS MC Server

Nov 26,2008 by admin

Administering the Cisco IDS MC server comprises tasks associated with the IDS Database and other global tasks. This encompasses:

  • Operations with database rules

  • Updating sensor software and signature release levels

  • Defining the e-mail server settings

  • Setting the configuration file approval method

Database Rules

Database rules configure the Cisco IDS Management Center to take an action at daily intervals or when a database threshold has been reached. The actions taken may include sending an e-mail notification, logging a console notification event, or executing a script.

Adding a Database Rule

To add a database rule, start from the Management Center for IDS Sensors page, select the Admin tab and Database Rules (as shown in Figure 10.40), and perform the following steps:

Figure 10.40: The Database Rules Page
  1. Select Admin | Database.

  2. The Database Rules page appears. Click Add.

  3. The Specify the Trigger Conditions page appears. Specify the threshold to trigger Security Monitor to take an action. The following triggers can be specified with check boxes:

    • Database used space greater than (megabytes): This will trigger an action when the database reaches a size in megabytes that is specified in the next field.

    • Database free space less than (megabytes): This will trigger an action when the database free space drops to a size in megabytes that is specified in the next field.

    • Total IDS events: This will trigger an action when the total number of IDS events in the database reaches the number specified in the next field.

    • Total SYSLOG events: This will trigger an action when the total number of SYSLOG events in the database reaches the number specified in the next field.

    • Total events: This will trigger an action when the total number of events in the database reaches the number specified in the next field.

    • Daily beginning: This will trigger an action to occur daily beginning on the date and time specified.

    In the Comment field, you may enter a description of the Database Rule. Click Next.

  4. The Choose the Actions page appears. More than one action can be selected via the following check boxes:

    • Notify via Email

    • Log a Console Notification Event

    • Execute a Script

  5. Click Finish.

Editing a Database Rule

To edit a database rule, start from the Management Center for IDS Sensors page (as shown in Figure 10.29) and follow these steps:

  1. Select Admin | Database.

  2. The Database Rules page appears. Select the radio button corresponding to the rule to edit and click Edit.

  3. The Specify the Trigger Conditions page appears. Select the radio button corresponding to the rule to edit and click Edit. Change the field to be revised and click Next.

  4. The Choose the Actions page appears. Make the desired changes and click Finish.

Viewing a Database Rule

To view a database rule, start from the Management Center for IDS Sensors page (as shown in Figure 10.29) and follow these steps:

  1. Select Admin | Database.

  2. The Database Rules page appears. Select the radio button corresponding to the rule to view and click View.

  3. The View Database Rule page appears. In the text box is detailed information about the rule. To return to the Database Rules page, click OK.

Deleting a Database Rule

To delete a database rule, start from the Management Center for IDS Sensors page (as shown in Figure 10.29) and follow these steps:

  1. Select Admin | Database.

  2. The Database Rules page appears. Select the radio button corresponding to the rule you want to delete and click Delete. The database rule is deleted from the IDS Management Center.
