Cisco IPS-4255-K9 Installation Guide - Page 367
Understanding the show events Command, Displaying Events, show events, clear events, alert
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 367 highlights
Chapter A Troubleshooting Gathering Information • evLogTransaction-Record of control transactions processed by each sensor application • evShunRqst-Block requests Understanding the show events Command The show events command is useful for troubleshooting event capture issues in which you are not seeing events in Event Viewer or Security Monitor. You can use the show events command to determine which events are being generated on the sensor to make sure events are being generated and that the fault lies with the monitoring side. You can clear all events from Event Store by using the clear events command. Here are the parameters for the show events command: sensor# show events alert Display local system alerts. error Display error events. hh:mm[:ss] Display start time. log Display log events. nac Display NAC shun events. past Display events starting in the past specified time. status Display status events. | Output modifiers. Displaying Events Use the show events [{alert [informational] [low] [medium] [high] [include-traits traits] [exclude-traits traits] [min-threat-rating min-rr] [max-threat-rating max-rr] | error [warning] [error] [fatal] | NAC | status}] [hh:mm:ss [month day [year]] | past hh:mm:ss] command to display events from Event Store. Events are displayed beginning at the start time. If you do not specify a start time, events are displayed beginning at the current time. If you do not specify an event type, all events are displayed. Note Events are displayed as a live feed. To cancel the request, press Ctrl-C. The following options apply: • alert-Displays alerts. Provides notification of some suspicious activity that may indicate an attack is in process or has been attempted. Alert events are generated by Analysis Engine whenever a signature is triggered by network activity. If no level is selected (informational, low, medium, or high), all alert events are displayed. • include-traits-Displays alerts that have the specified traits. • exclude-traits-Does not display alerts that have the specified traits. • traits-Trait bit position in decimal (0 to 15). • min-threat-rating-Displays events with a threat rating above or equal to this value. The default is 0. The valid range is 0 to 100. • max-threat-rating-Displays events with a threat rating below or equal to this value. The default is 100. The valid range is 0 to 100. • error-Displays error events. Error events are generated by services when error conditions are encountered. If no level is selected (warning, error, or fatal), all error events are displayed. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-89