Cisco IPS-4255-K9 Installation Guide - Page 330
TCP Reset Not Occurring for a Signature
Page 330 highlights
Troubleshooting the Appliance
Chapter A Troubleshooting

    severity=warning
    drain=main
    [zone/IdsEventStore]
    severity=debug
    drain=main
    [drain/main]
    type=syslog

The syslog output is sent to the syslog facility local6 with the following correspondence to syslog message priorities:

    LOG_DEBUG,    // debug
    LOG_INFO,     // timing
    LOG_WARNING,  // warning
    LOG_ERR,      // error
    LOG_CRIT      // fatal

Note: Make sure that your /etc/syslog.conf has that facility enabled at the proper priority.

Caution: The syslog is much slower than logApp (about 50 messages per second as opposed to 1000 or so). We recommend that you enable debug severity on one zone at a time.

TCP Reset Not Occurring for a Signature

Note: TCP resets are not supported over MPLS links or the following tunnels: GRE, IPv4 in IPv4, IPv6 in IPv4, or IPv4 in IPv6.

If you do not have the event action set to reset, the TCP reset does not occur for a specific signature.

To troubleshoot a reset not occurring for a specific signature, follow these steps:

Step 1  Log in to the CLI.
Step 2  Make sure the event action is set to TCP reset.

    sensor# configure terminal
    sensor(config)# service signature-definition sig0
    sensor(config-sig)# signatures 1000 0
    sensor(config-sig-sig)# engine atomic-ip
    sensor(config-sig-sig-ato)# event-action reset-tcp-connection|produce-alert
    sensor(config-sig-sig-ato)# show settings
    atomic-ip
    event-action: produce-alert|reset-tcp-connection default: produce-alert
    fragment-status: any
    specify-l4-protocol
    no

A-52 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
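The note above about enabling facility local6 in /etc/syslog.conf at the proper priority can be checked mechanically. The following is an added example, not part of the Cisco guide: it evaluates syslog.conf rules and reports which sensor severities would actually be written, assuming classic sysklogd-style selector syntax; the sample configuration and its file paths are constructed.

```python
# Sensor severity -> syslog priority, per the correspondence on this page.
SENSOR_TO_SYSLOG = {"debug": "debug", "timing": "info", "warning": "warning",
                    "error": "err", "fatal": "crit"}
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def rule_matches(selectors, facility, prio):
    """Evaluate one rule's ';'-separated selectors left to right.
    Assumption: classic sysklogd-style semantics ('!' negates, '=' is exact)."""
    matched = False
    for sel in selectors.split(";"):
        facs, _, level = sel.strip().rpartition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue  # selector does not name this facility
        negate, exact = level.startswith("!"), level.lstrip("!").startswith("=")
        level = level.lstrip("!=")
        level = ALIASES.get(level, level)
        if level == "none":  # facility explicitly excluded by this rule
            matched = False
        elif level == "*" or level in LEVELS:
            floor = 0 if level == "*" else LEVELS.index(level)
            rank = LEVELS.index(prio)
            hit = rank == floor if exact else rank >= floor
            if hit:
                matched = not negate
    return matched

def delivered(conf_text, facility="local6"):
    """Map each sensor severity to the syslog.conf actions that receive it."""
    result = {sev: [] for sev in SENSOR_TO_SYSLOG}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or rule without an action
        for sev, prio in SENSOR_TO_SYSLOG.items():
            if rule_matches(parts[0], facility, prio):
                result[sev].append(parts[1].strip())
    return result

# Constructed sample: local6 is enabled, but only from warning upward.
SAMPLE_CONF = """\
*.info;local6.none      /var/log/messages
local6.warning          /var/log/ips-sensor.log
"""

if __name__ == "__main__":
    print(delivered(SAMPLE_CONF))
```

With this sample, a zone set to severity=debug produces nothing in syslog: debug and timing messages map to LOG_DEBUG and LOG_INFO, which fall below the local6.warning threshold.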