RE: CISCO IDS Packet capture

["Alex Arndt" <aarndt () rogers com>]

Comments in-line below...

> -----Original Message-----
> From: Strand, John [mailto:John.Strand () mms gov]
> Sent: April 2, 2004 8:36 AM
> To: focus-ids () securityfocus com
> Subject: CISCO IDS Packet capture
>
> Hello All,
>
> Does anyone know how to enable some level of packet capture and logging on
> the CISCO IDS system (the newer version which interfaces with
> CiscoWorks and
> can run on Win2K)? I have hunted through the CISCO provided PDF's
> and their
> a little on the light side. I also have hit the usual suspects, google,
> CISCO groups, etc..

The feature you're referring to is known as "IP Logging" in Cisco's
documentation. You can find exactly how to configure it here (beware of
line wrap):

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_
and_configuration_guide_chapter09186a00801a0c3c.html#255

This information is made available under the "IDS Device Monitoring Tasks"
section of the "Installing and Using the Cisco Intrusion Detection System
Device Manager and Event Viewer Version 4.1" online documentation that is
available here (beware of line wrap):
http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_
and_configuration_guide_book09186a00801a0c31.html

> Thanks in advance for any help.
>
>
> js

You're welcome - I hope this info helps!

Alex Arndt
CISSP, GCIA

"Within all order is the potential for chaos..."


---------------------------------------------------------------------------

---------------------------------------------------------------------------