Intrusion Prevention

  • 1.  help me about config 'management server' at preference settings of IDP 200

    Posted 04-09-2010 01:32

    Hi all,

    I am having problems with the NS-IDP-200 when I access the UI, including:
          1/ The 'Log Viewer' component does not display log records, is not active, and I cannot create a new report from it
          2/ I do not know how to configure 'Management Server' in directory 'tools->preferences->Management server'

    For many days I have tried to solve this, but without success. Please, everybody, help me!!!


    Thank you so much!



  • 2.  RE: help me about config 'management server' at preference settings of IDP 200
    Best Answer

    Posted 04-09-2010 10:10

    I believe it is thinking that SNMP and Syslog hosts are a different server, external to the NSM. Do you have those on your network?

     

    Regards,

    BR



  • 3.  RE: help me about config 'management server' at preference settings of IDP 200

    Posted 04-10-2010 00:39

    I also think so. But I do not know how to set the correct 'Script Name' in the directory: Tools->Preference->Management Server->Global Logging->Script Name.

     

    I intend to place the IP address of the IDP management server in these directories:

        1/Tools->Preference->Management Server->SNMP->Manager

        2/Tools->Preference->Management Server->SNMP->Community

        3/Tools->Preference->Management Server->Syslog->Host

     

    My network topology: sniffer mode (HA not used)

     

                                   PixCisco----------Switch--------------|--SunOS 5.8 (idp manager server- 192.168.2.13)

                                                 port gmt |          | eth2         |

                                                                 |          |                  |--UI (192.168.2.46)

                                                               NS-200-IDP

                                                (192.168.2.13)     

     

     

    Thanks for your help,

    Best Regards!



  • 4.  RE: help me about config 'management server' at preference settings of IDP 200

    Posted 04-10-2010 01:10

    Sorry, I mistyped the IP address in the topology.

    My network topology: sniffer mode (HA not used)

     

                                                                               (inside)

                                   PixCisco----------Switch--------------|--SunOS 5.8 (idp manager server- 192.168.2.13)

                                                 port gmt |          | eth2         |

                                                                  |          |                  |--UI (192.168.2.46)

                                                                NS-200-IDP

                                                (192.168.2.14)    

     

    When I restarted the idp, snmpd and syslog services, they ran OK and did not alert anything:

     

    *******

    Creating virtual circuit for eth2
    Sniffer mode enabled for vc 'eth2'
    Trying to load last policy [testIDP]...Policy compiled successfully.
     
    Verifying rulebase 'Traffic Anomalies':
    'Traffic Anomalies' verified successfully.
     
    Verifying rulebase 'SYN-Protector':
    'SYN-Protector' verified successfully.
     
    Verifying rulebase 'Main':
    Rule 1: Cannot perform 'drop' action in sniffer mode
    Verifying rulebase 'Backdoor Detection':
    'Backdoor Detection' verified successfully.
     
    Verifying antispoofing rules:
    Antispoofing may not work properly in sniffer mode
    done
    Starting idpLogReader..............................OK
    Starting slogd.....................................OK
    Starting sciod.....................................OK
    Starting statusForwarder...........................OK
    Starting logForwarder..............................OK
    Starting sessionFetcher............................OK
    Starting dLogPurger................................OK
    [root@idp admin]#  
     
     
    Apr 10 15:00:09 idp snmpd: snmpd shutdown succeeded
    Apr 10 15:00:09 idp ucd-snmp[25419]: UCD-SNMP version 4.2.5  
    Apr 10 15:00:10 idp snmpd: snmpd startup succeeded
    Apr 10 15:01:03 idp syslogd 1.4.1: restart.
    Apr 10 15:01:03 idp syslog: syslogd startup succeeded
    Apr 10 15:01:03 idp syslog: klogd startup succeeded

     

    Please help me to solve this problem.

    Thanks all,

    Brgs!



  • 5.  RE: help me about config 'management server' at preference settings of IDP 200

    Posted 04-14-2010 13:15

    Sapphire:

     

    I do not see this directory on the IDP, and I do not see that path on the NSM GUI, under Tools -> Preferences. Hopefully someone from the NSM team can jump in and be of assistance.

     

    Regards,

    BR