Sorry, I made a typo that confused the IP addresses in the topology.
My network topology: sniffer mode (not using HA)
(inside)
PixCisco----------Switch--------------|--SunOS 5.8 (idp manager server- 192.168.2.13)
port gmt | | eth2 |
| | |--UI (192.168.2.46)
NS-200-IDP
(192.168.2.14)
I restarted the idp, snmpd and syslog services and they are running OK, not alerting anything:
*******
Creating virtual circuit for eth2
Sniffer mode enabled for vc 'eth2'
Trying to load last policy [testIDP]...Policy compiled successfully.
Verifying rulebase 'Traffic Anomalies':
'Traffic Anomalies' verified successfully.
Verifying rulebase 'SYN-Protector':
'SYN-Protector' verified successfully.
Verifying rulebase 'Main':
Rule 1: Cannot perform 'drop' action in sniffer mode
Verifying rulebase 'Backdoor Detection':
'Backdoor Detection' verified successfully.
Verifying antispoofing rules:
Antispoofing may not work properly in sniffer mode
done
Starting idpLogReader..............................OK
Starting slogd.....................................OK
Starting sciod.....................................OK
Starting statusForwarder...........................OK
Starting logForwarder..............................OK
Starting sessionFetcher............................OK
Starting dLogPurger................................OK
[root@idp admin]#
Apr 10 15:00:09 idp snmpd: snmpd shutdown succeeded
Apr 10 15:00:09 idp ucd-snmp[25419]: UCD-SNMP version 4.2.5
Apr 10 15:00:10 idp snmpd: snmpd startup succeeded
Apr 10 15:01:03 idp syslogd 1.4.1: restart.
Apr 10 15:01:03 idp syslog: syslogd startup succeeded
Apr 10 15:01:03 idp syslog: klogd startup succeeded
Please help me to solve this problem.
Thanks all,
Brgs!