Configuring Automatic Ip Logging - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring Automatic IP Logging

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 (78-16527-01), Chapter 8, Configuring IP Logging

Use the ip-log-packets number, ip-log-time number, and ip-log-bytes number commands to configure automatic IP logging parameters on the sensor.

The following options apply:
  - ip-log-packets—Identifies the number of packets you want logged. The valid value is 0 to 65535. The default is 0.
  - ip-log-time—Identifies the duration you want the sensor to log packets. The valid value is 0 to 65535 minutes. The default is 30 minutes.
  - ip-log-bytes—Identifies the maximum number of bytes you want logged. The valid value is 0 to 2147483647. The default is 0.

Note: An automatic IP log continues capturing packets until one of these parameters is reached.

To reset the parameters, use the default keyword. To copy and view an IP log file, see Copying IP Log Files to Be Viewed, page 8-6.

Automatic IP logging is configured on a per signature basis or as an event action override. The following actions trigger automatic IP logging:
  - log-attacker-packets
  - log-victim-packets
  - log-pair-packets

For more information, see Chapter 6, "Configuring Event Action Rules."

To configure automatic IP logging parameters, follow these steps:

Step 1  Log in to the CLI using an account with administrator or operator privileges.

Step 2  Enter signature IP log configuration submode:
        sensor# configure terminal
        sensor(config)# service signature-definition sig0
        sensor(config-sig)# ip-log

Step 3  Configure the number of packets you want the sensor to log:
        sensor(config-sig-ip)# ip-log-packets 200

Step 4  Configure the duration you want the sensor to log packets:
        sensor(config-sig-ip)# ip-log-time 60

Step 5  Configure the number of bytes you want logged:
        sensor(config-sig-ip)# ip-log-bytes 5024
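
The following Python sketch is an added example, not part of the Cisco guide: it range-checks the ip-log-* values from Steps 3 to 5 and reports which of the three limits ends a capture first for a constructed packet trace. It assumes that a value of 0 means the limit is not applied and that the packet which reaches a limit is still logged; the function names and the trace are hypothetical.

```python
# Valid ranges and defaults as stated on this page for IPS 5.0.
RANGES = {"ip-log-packets": (0, 65535),      # packets
          "ip-log-time": (0, 65535),         # minutes
          "ip-log-bytes": (0, 2147483647)}   # bytes
DEFAULTS = {"ip-log-packets": 0, "ip-log-time": 30, "ip-log-bytes": 0}

def parse_limits(cli_text):
    """Read ip-log-* lines from pasted CLI text; reject out-of-range values."""
    limits = dict(DEFAULTS)
    for line in cli_text.splitlines():
        words = line.split()
        if words and words[0].endswith("#"):   # drop the prompt token
            words = words[1:]
        if len(words) == 2 and words[0] in RANGES:
            lo, hi = RANGES[words[0]]
            value = int(words[1])
            if not lo <= value <= hi:
                raise ValueError(f"{words[0]} {value} is outside {lo}-{hi}")
            limits[words[0]] = value
    return limits

def first_limit_reached(limits, trace):
    """trace: (seconds_since_trigger, packet_length) pairs in time order.
    Returns (limit_name, packets_logged), or (None, n) if no limit is hit.
    ASSUMPTION: a value of 0 means that limit is not applied."""
    count = total = 0
    for seconds, length in trace:
        if limits["ip-log-time"] and seconds >= limits["ip-log-time"] * 60:
            return "ip-log-time", count
        count += 1
        total += length
        if limits["ip-log-packets"] and count >= limits["ip-log-packets"]:
            return "ip-log-packets", count
        if limits["ip-log-bytes"] and total >= limits["ip-log-bytes"]:
            return "ip-log-bytes", count
    return None, count

# Constructed input: the values from Steps 3 to 5, and a made-up trace of
# 1500-byte packets arriving 10 ms apart.
STEPS = """sensor(config-sig-ip)# ip-log-packets 200
sensor(config-sig-ip)# ip-log-time 60
sensor(config-sig-ip)# ip-log-bytes 5024"""
TRACE = [(i * 0.01, 1500) for i in range(1000)]

if __name__ == "__main__":
    print(first_limit_reached(parse_limits(STEPS), TRACE))
```

Under these assumptions, ip-log-bytes 5024 ends the log after four 1500-byte packets, well before the 200-packet or 60-minute limits come into play, so the byte limit is the one to size against expected packet lengths.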
