© 2005 Cisco Systems, Inc. All rights reserved. IPS v5.0 Lesson 12: Monitoring the Sensor.


Using the CLI to Monitor the Sensor

Obtaining Information About Your Sensor

You can use the sensor CLI to obtain the following information about your sensor:
–PEP information
–Service statistics
–Interface statistics
–Details about traffic traversing an interface
–Tech support information

Displaying PEP Information

sensor# show inventory
    Displays PEP information for the sensor hardware

sensor# show inventory
NAME: "Chassis", DESCR: "Chasis-4240"
PID: E, VID: V04, SN:
    Displays the product identifier, version identifier, and serial number of the local 4240 sensor

Displaying Service Statistics

sensor# show statistics { analysis-engine | authentication | denied-attackers | event-server | event-store | host | logger | network-access | notification | sdee-server | transaction-source | virtual-sensor [name] | web-server } [clear]
    Displays statistics for the specified option

sensor# show statistics authentication
General
   totalAuthenticationAttempts = 9
   failedAuthenticationAttempts = 0
    Displays authentication statistics
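The following is an added example, not part of the Cisco course material: it parses the show statistics authentication output shown on the slide and compares two polls to flag a jump in failed logins. The second and third snapshots are constructed samples, and the function names and the alert threshold are assumptions.

```python
import re

# "name = integer" counter lines, as printed by show statistics on the slide.
COUNTER_RE = re.compile(r"^\s*(\w+)\s*=\s*(\d+)\s*$")
KEYS = ("totalAuthenticationAttempts", "failedAuthenticationAttempts")

def parse_statistics(text):
    """Parse show statistics output into {section: {counter: int}}."""
    stats, section = {}, ""
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            stats.setdefault(section, {})[m.group(1)] = int(m.group(2))
        elif line.strip() and not line.lstrip().startswith("sensor"):
            section = line.strip()  # header such as "General"; prompt lines are skipped
    return stats

def auth_failure_delta(before, after, max_new_failures=3):
    """Return (new_attempts, new_failures, alert) between two snapshots.

    max_new_failures is an assumed threshold, not a Cisco default.
    """
    b = parse_statistics(before).get("General", {})
    a = parse_statistics(after).get("General", {})
    if any(k not in a or k not in b for k in KEYS):
        raise ValueError("authentication counters missing from snapshot")
    # Counters that went backwards were reset (for example by the [clear]
    # option), so the later snapshot already counts from zero.
    if any(a[k] < b[k] for k in KEYS):
        b = dict.fromkeys(KEYS, 0)
    new_attempts, new_failures = (a[k] - b[k] for k in KEYS)
    return new_attempts, new_failures, new_failures > max_new_failures

# Output copied from the slide.
SNAPSHOT_1 = """sensor# show statistics authentication
General
   totalAuthenticationAttempts = 9
   failedAuthenticationAttempts = 0
"""
# Constructed samples: a later poll (21 total, 8 failed), then a poll taken
# after the counters were cleared (2 total, 1 failed).
SNAPSHOT_2 = SNAPSHOT_1.replace("= 9", "= 21").replace("= 0", "= 8")
SNAPSHOT_3 = SNAPSHOT_1.replace("= 9", "= 2").replace("= 0", "= 1")

if __name__ == "__main__":
    print(auth_failure_delta(SNAPSHOT_1, SNAPSHOT_2))
    print(auth_failure_delta(SNAPSHOT_2, SNAPSHOT_3))
```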

Displaying Interface Statistics

sensor# show interfaces { fastethernet | gigabitethernet | management } [slot/port]
    Displays statistics for system interfaces

sensor# show interfaces FastEthernet0/1
    Displays statistics for the Fast Ethernet 0/1 interface

Capturing Traffic from an Interface

sensor# packet capture interface-name [snaplen length] [count count] [expression expression]
    Captures traffic on an interface in real time

sensor1# packet capture FastEthernet0/1
Warning: This command will cause significant performance degradation
tcpdump: WARNING: fe0_1: no IPv4 address assigned
tcpdump: listening on fe0_1, link-type EN10MB (Ethernet), capture size bytes
15 packets captured
15 packets received by filter
0 packets dropped by kernel
    Captures traffic on Fast Ethernet 0/1

Displaying Traffic Captured from an Interface

sensor# packet display packet-file [verbose] [expression expression]
    Displays a previously captured file

sensor# packet display file-info
    Displays information about a previously captured file

sensor# packet display interface-name [snaplen length] [count count] [verbose] [expression expression]
    Displays live traffic as it passes the specified interface

sensor# packet display iplog id [verbose] [expression expression]
    Displays an existing IP log

sensor# packet display FastEthernet0/1 expression host
    Displays traffic passing through Fast Ethernet 0/1 only if its source or destination is host

Displaying Tech Support Information

sensor# show tech-support [page] [password] [destination-url destination-url]
    Displays the current system status

sensor# show tech-support destination-url
    Places the tech support output in the file ~ipsuser/reports/sensor1Report.html.

Using the CLI to Monitor the Sensor

Running a Diagnostics Report

Screen callouts: Monitoring; Diagnostics Report; Support Information; Generate Report

Viewing Statistics

Screen callouts: Monitoring; Support Information; Statistics; Refresh

Viewing System Information

Screen callouts: Monitoring; Support Information; System Information; Refresh

Configuring SNMP Monitoring

Screen callouts: Configuration; Enable SNMP Gets/Sets; SNMP; SNMP General Configuration; Apply; Reset; Read-Only Community String; Read-Write Community String; Sensor Contact; Sensor Location; Sensor Agent Port; Sensor Agent Protocol

Summary

The 4240 and 4255 sensors contain a UDI, which provides the following benefits:
–Gives you the ability to electronically inventory Cisco products accurately and reliably
–Simplifies product identification
–Provides consistent product identification across products

You can retrieve the UDI, a deliverable of the Cisco PEP, via the show inventory command.

The CLI contains the following useful troubleshooting commands:
–show statistics: Provides a snapshot of the current internal state of sensor services
–show interfaces: Provides statistics for sensor interfaces
–packet: Captures or displays live traffic on an interface
–show tech-support: Captures all status and configuration information on the sensor

Summary (Cont.)

The IDM enables you to monitor your sensor as follows:
–Run a diagnostics report
–View statistics for sensor services
–View TAC contact information and system information such as the following:
    Type of sensor
    Software version
    Upgrades installed
    PEP information

You can configure your sensor to be monitored by SNMP.

Lab Exercise

Lab Visual Objective

[Network diagram. Labels recoverable from the slide: Web, FTP, RBB, RTS, sensorP, sensorQ, Student PC 10.0.P.12, Student PC 10.0.Q.12, network 10.0.P.0.]