Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual page 492

Configuration guide

Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
78-16527-01
Appendix C Troubleshooting
Gathering Information
Page C-66

appName: login(pam_unix)
appInstanceId: 2315
time: 2003/01/08 02:41:00 2003/01/08 02:41:00 UTC
syslogMessage:
description: session opened for user cisco by cisco(uid=0)

Clearing Events

Use the clear events command to clear Event Store.

To clear events from Event Store, follow these steps:

Step 1  Log in to the CLI using an account with administrator privileges.

Step 2  Clear Event Store:

    sensor# clear events
    Warning: Executing this command will remove all events currently stored in the event store.
    Continue with clear? []:

Step 3  Type yes to clear the events.

cidDump Script

If you do not have access to IDM or the CLI, you can run the underlying script cidDump from the Service account by logging in as root and running /usr/cids/idsRoot/bin/cidDump. The cidDump file's path is /usr/cids/idsRoot/htdocs/private/cidDump.html.

cidDump is a script that captures a large amount of information including the IPS processes list, log files, OS information, directory listings, package information, and configuration files.

To run the cidDump script, follow these steps:

Step 1  Log in to the sensor service account.

Step 2  Su to root using the Service account password.

Step 3  Type cidDump /usr/cids/idsRoot/bin/cidDump.

Step 4  Compress the resulting /usr/cids/idsRoot/log/cidDump.html file:

    gzip /usr/cids/idsRoot/log/cidDump.html

Step 5  Send the resulting HTML file to TAC or the IPS developers in case of a problem.

For the procedure, see Uploading and Accessing Files on the Cisco FTP Site, page C-67.
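
Steps 4 and 5 of the cidDump procedure, as an added shell example that is not part of the Cisco guide or of the cidDump script: it compresses the report, tests the archive, and writes a digest the recipient can check after upload. The function name, the .sha256 sidecar file, the owner-only permissions, and the availability of sha256sum on the host are assumptions of this example.

```shell
#!/bin/sh
# Added example: package a cidDump report for hand-off.
# Usage: package_ciddump [path-to-cidDump.html]
# The default path is the one named in the procedure; the function name,
# the .sha256 sidecar and the chmod 600 are assumptions of this example.

package_ciddump() {
    dump="${1:-/usr/cids/idsRoot/log/cidDump.html}"

    # A missing or empty report means cidDump did not complete.
    if [ ! -s "$dump" ]; then
        echo "cidDump output missing or empty: $dump" >&2
        return 1
    fi

    # gzip would otherwise prompt (or refuse) when an old archive exists.
    if [ -e "$dump.gz" ]; then
        echo "archive already exists: $dump.gz" >&2
        return 2
    fi

    # The report contains configuration files and logs: keep it owner-only.
    # gzip carries the file mode over to the archive it creates.
    chmod 600 "$dump" || return 3

    # Step 4: gzip replaces cidDump.html with cidDump.html.gz.
    gzip "$dump" || return 3

    # Check the archive before it leaves the sensor.
    gzip -t "$dump.gz" || return 4

    # Write the digest with a bare file name so the recipient can run
    # "sha256sum -c" in whatever directory the upload lands in.
    dir=$(dirname "$dump.gz")
    name=$(basename "$dump.gz")
    (cd "$dir" && sha256sum "$name" > "$name.sha256") || return 5

    # Print the archive path for the transfer in Step 5.
    echo "$dump.gz"
}
```

Send the .sha256 file alongside the archive so the recipient can confirm the upload arrived complete and unmodified.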
