
To use SDEE, the HTTP server must be enabled with the ip http server command. If the HTTP server is not enabled, the router cannot respond to the SDEE clients because it cannot see the requests. SDEE notification is disabled by default and must be explicitly enabled.

Note: CCP Monitor uses HTTP and SDEE to capture IPS events.

To enable SDEE, use the following command.

    R1(config)# ip ips notify sdee

Step 4: Enable IPS syslog support.

IOS IPS also supports the use of syslog to send event notification. SDEE and syslog can be used independently or enabled at the same time to send IOS IPS event notification. Syslog notification is enabled by default.

a. If console logging is enabled, you see IPS syslog messages. Enable syslog if it is not enabled.

    R1(config)# ip ips notify log

b. Use the show clock command to verify the current time and date for the router. Use the clock set command from privileged EXEC mode to reset the clock if necessary. The following is an example of how to set the clock.

    R1# clock set 01:20:00 6 january 2009

c. Verify that the timestamp service for logging is enabled on the router using the show run command. Enable the timestamp service if it is not enabled.

    R1(config)# service timestamps log datetime msec

d. To send log messages to the syslog server on PC-A, use the following command:

    R1(config)# logging 192.168.1.3

e. To see the type and level of logging enabled on R1, use the show logging command.

    R1# show logging

Note: Verify that you have connectivity between R1 and PC-A by pinging from PC-A to the R1 Fa0/1 interface IP address 192.168.1.1. If it is not successful, troubleshoot as necessary before continuing.

The next step describes how to download one of the freeware syslog servers if one is not available on PC-A.

Step 5: (Optional) Download and start the syslog server.

If a syslog server is not currently available on PC-A, you can download the latest version of Kiwi from http://www.kiwisyslog.com or Tftpd32 from http://tftpd32.jounin.net/. If the syslog server is available on the PC, go to Step 6.

Note: This lab uses the Tftpd32 syslog server.

Start the syslog server software on PC-A if you want to send log messages to it.
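
Added example (not part of the original lab): once R1 logs to the syslog server on PC-A, a short parser can separate IPS signature events from the other router messages and keep the timestamp added by service timestamps log datetime msec. The message layout and the sample lines below are assumptions, constructed to resemble typical IOS IPS syslog output; the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample datagrams (not captured from a router). Assumed layout:
# <PRI>seq: [*|.]Mon DD HH:MM:SS.mmm: %FACILITY-SEVERITY-MNEMONIC: text
SAMPLES = [
    "<188>45: *Jan  6 01:20:12.371: %IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:25 "
    "ICMP Echo Request [192.168.1.3:0 -> 192.168.1.1:0] VRF:NONE RiskRating:25",
    "<189>46: *Jan  6 01:20:15.002: %SYS-5-CONFIG_I: Configured from console by console",
    "<188>47: Jan  6 01:21:40.118: %IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:25 "
    "ICMP Echo Request [10.1.1.1:0 -> 192.168.1.3:0] VRF:NONE RiskRating:25",
]

# Header: optional PRI, optional sequence number, clock flag, msec timestamp.
HEADER = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?:\d+: )?"
    r"(?P<flag>[*.])?(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d\.\d{3}): "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$"
)
# Body of an IPS signature event (assumed field order).
IPS_EVENT = re.compile(
    r"^Sig:(?P<sig>\d+) Subsig:(?P<subsig>\d+) Sev:(?P<sev>\d+) (?P<name>.+?) "
    r"\[(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)\]"
    r"(?: VRF:(?P<vrf>\S+))?(?: RiskRating:(?P<rr>\d+))?"
)

def parse_ips_event(line, year=2009):
    """Return a dict for an IPS signature event, or None for any other line."""
    head = HEADER.match(line.strip())
    if not head or head["fac"] != "IPS":
        return None
    body = IPS_EVENT.match(head["text"])
    if not body:
        return None
    # The timestamp carries no year, so the caller supplies it.
    when = datetime.strptime(f"{year} {head['ts']}", "%Y %b %d %H:%M:%S.%f")
    return {
        "time": when,
        # '*' = clock not authoritative, '.' = NTP sync lost, None = no flag.
        "clock_flag": head["flag"],
        "sig_id": int(body["sig"]), "subsig": int(body["subsig"]),
        "name": body["name"],
        "src": body["src"], "dst": body["dst"],
        "risk_rating": int(body["rr"]) if body["rr"] else None,
    }

def ips_events(lines, year=2009):
    """Keep only the lines that parse as IPS signature events."""
    return [e for e in map(parse_ips_event, lines) if e]
```

A non-empty clock_flag is a reason to revisit step 4b before relying on event times for correlation.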
Step 6: Configure IOS IPS to use one of the pre-defined signature categories.

IOS IPS with Cisco 5.x format signatures operates with signature categories, just like Cisco IPS appliances do. All signatures are pregrouped into categories, and the categories are hierarchical. This helps classify signatures for easy grouping and tuning.

Warning: The “all” signature category contains all signatures in a signature release. Because IOS IPS cannot compile and use all the signatures contained in a signature release at one time, do not unretire the “all” category. Otherwise, the router will run out of memory.
