E-99
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Gathering Information
• Displaying Events, page E-99
• Clearing Events, page E-102
Sensor Events
There are five types of events:
• evAlert—Intrusion detection alerts
• evError—Application errors
• evStatus—Status changes, such as an IP log being created
• evLogTransaction—Record of control transactions processed by each sensor application
• evShunRqst—Block requests
Events remain in the Event Store until they are overwritten by newer events.
Understanding the show events Command
The show events command is useful for troubleshooting event capture issues in which you are not seeing
events in Event Viewer or Security Monitor. You can use the show events command to determine which
events are being generated on the sensor to make sure events are being generated and that the fault lies
with the monitoring side.
You can clear all events from Event Store by using the clear events command.
Here are the parameters for the show events command:
sensor# show events
<cr>
alert Display local system alerts.
error Display error events.
hh:mm[:ss] Display start time.
log Display log events.
nac Display NAC shun events.
past Display events starting in the past specified time.
status Display status events.
| Output modifiers.
Displaying Events
Note The Event Store has a fixed size of 30 MB for all platforms.
Note Events are displayed as a live feed. To cancel the request, press Ctrl-C.
Use the show events [{alert [informational] [low] [medium] [high] [include-traits traits]
[exclude-traits traits] [min-threat-rating min-rr] [max-threat-rating max-rr] | error [warning]
[error] [fatal] | NAC | status}] [hh:mm:ss [month day [year]] | past hh:mm:ss] command to display
events from Event Store. Events are displayed beginning at the start time. If you do not specify a start
time, events are displayed beginning at the current time. If you do not specify an event type, all events
are displayed.
Comments to this Manuals