Cisco IPS-4255-K9 Installation Guide - Page 370
Clearing Events, cidDump Script
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 370 highlights
Gathering Information Chapter A Troubleshooting syslogMessage: description: session opened for user cisco by cisco(uid=0) Clearing Events Use the clear events command to clear Event Store. To clear events from Event Store, follow these steps: Step 1 Step 2 Step 3 Log in to the CLI using an account with administrator privileges. Clear Event Store. sensor# clear events Warning: Executing this command will remove all events currently stored in the event store. Continue with clear? []: Enter yes to clear the events. cidDump Script If you do not have access to IDM, IME, or the CLI, you can run the underlying script cidDump from the Service account by logging in as root and running /usr/cids/idsRoot/bin/cidDump. The path of the cidDump file is /usr/cids/idsRoot/htdocs/private/cidDump.html. cidDump is a script that captures a large amount of information including the IPS processes list, log files, OS information, directory listings, package information, and configuration files. To run the cidDump script, follow these steps: Step 1 Step 2 Step 3 Step 4 Step 5 Log in to the sensor Service account. Su to root using the Service account password. Enter the following command. /usr/cids/idsRoot/bin/cidDump Enter the following command to compress the resulting /usr/cids/idsRoot/log/cidDump.html file. gzip /usr/cids/idsRoot/log/cidDump.html Send the resulting HTML file to TAC or the IPS developers in case of a problem. For More Information For the procedure for putting a file on the Cisco FTP site, see Uploading and Accessing Files on the Cisco FTP Site, page A-93. A-92 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01