Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix E Troubleshooting
Gathering Information
The following options apply:
• alert—Displays alerts. Provides notification of suspicious activity that may indicate an attack
is in progress or has been attempted. Alert events are generated by the Analysis Engine whenever a
signature is triggered by network activity. If no level is selected (informational, low, medium, or
high), all alert events are displayed.
• include-traits—Displays alerts that have the specified traits.
• exclude-traits—Does not display alerts that have the specified traits.
• traits—Specifies the trait bit position in decimal (0 to 15).
• min-threat-rating—Displays events with a threat rating above or equal to this value. The default is
0. The valid range is 0 to 100.
• max-threat-rating—Displays events with a threat rating below or equal to this value. The default
is 100. The valid range is 0 to 100.
• error—Displays error events. Error events are generated by services when error conditions are
encountered. If no level is selected (warning, error, or fatal), all error events are displayed.
• NAC—Displays the ARC (block) requests.
Note: The ARC was formerly known as NAC. This name change has not been completely
implemented throughout the IDM, the IME, and the CLI for Cisco IPS 7.1.
• status—Displays status events.
• past—Displays events starting in the past for the specified hours, minutes, and seconds.
• hh:mm:ss—Specifies the hours, minutes, and seconds in the past to begin the display.
Note: The show events command continues to display events until a specified event is available. To exit, press
Ctrl-C.
Displaying Events
To display events from the Event Store, follow these steps:
Step 1 Log in to the CLI.
Step 2 Display all events starting now. The feed continues showing all events until you press Ctrl-C.
sensor# show events
evError: eventId=1041472274774840147 severity=warning vendor=Cisco
  originator:
    hostId: sensor2
    appName: cidwebserver
    appInstanceId: 12075
  time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
  errorMessage: name=errWarning received fatal alert: certificate_unknown
evError: eventId=1041472274774840148 severity=error vendor=Cisco
  originator:
    hostId: sensor2
    appName: cidwebserver
    appInstanceId: 351
  time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
  errorMessage: name=errTransport WebSession::sessionTask(6) TLS connection exception:
  handshake incomplete.
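Output captured from show events can be triaged offline. The following Python example is added here and is not part of the Cisco guide: it parses the evError records shown in Step 2 into dictionaries and keeps those at or above a chosen error level. The names parse_events and at_least, and the ordering warning < error < fatal, are assumptions of this example.

```python
import re
# Sample input: the two evError records from Step 2, including the wrapped last line.
SAMPLE = """\
evError: eventId=1041472274774840147 severity=warning vendor=Cisco
  originator:
    hostId: sensor2
    appName: cidwebserver
    appInstanceId: 12075
  time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
  errorMessage: name=errWarning received fatal alert: certificate_unknown
evError: eventId=1041472274774840148 severity=error vendor=Cisco
  originator:
    hostId: sensor2
    appName: cidwebserver
    appInstanceId: 351
  time: 2011/01/07 04:41:45 2011/01/07 04:41:45 UTC
  errorMessage: name=errTransport WebSession::sessionTask(6) TLS connection exception:
  handshake incomplete.
"""
HEADER = re.compile(r"^(ev\w+):\s+(\S+=.*)$")  # record start: "evError: eventId=..."
FIELD = re.compile(r"^\s*(\w+):\s*(.*)$")      # "hostId: sensor2", any indentation
LEVELS = ["warning", "error", "fatal"]         # assumed order, lowest to highest

def parse_events(text):
    """Split captured `show events` output into one dict per event record."""
    events, last_key = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            pairs = (kv.split("=", 1) for kv in header.group(2).split() if "=" in kv)
            events.append({"type": header.group(1), **dict(pairs)})
            last_key = None
        elif events and (field := FIELD.match(line)):
            key, value = field.groups()
            last_key = key if value else None  # "originator:" only opens a group
            if value:
                events[-1][key] = value
        elif events and last_key and line.strip():
            events[-1][last_key] += " " + line.strip()  # wrapped continuation line
    return events

def at_least(events, level):
    """Keep error events whose severity is `level` or higher."""
    floor = LEVELS.index(level)
    return [e for e in events if e.get("severity") in LEVELS[floor:]]

if __name__ == "__main__":
    for e in at_least(parse_events(SAMPLE), "error"):
        print(e["eventId"], e["hostId"], e["appName"], e["errorMessage"])
```

The parser is written against the evError layout shown on this page; alert, status, and NAC records are not covered.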