Administering the Cisco IDS MC Server


Administering the Cisco IDS MC server comprises tasks associated with the IDS database and other general tasks. This encompasses:

* Operations with database rules

* Updating sensor software and signature release levels

* Defining the e-mail server settings

* Setting the configuration file approval method

Database Rules

Database rules are used to configure the Cisco IDS Management Center to take an action at daily intervals or when a database threshold has been reached. The actions to be taken may include sending an e-mail notification, logging a console notification event, or executing a script.

Adding a Database Rule

To add a database rule, start from the Management Center for IDS Sensors page, select the Admin tab and Database Rules (as shown in Figure 10.40), and perform the following steps:

Figure 10.40: The Database Rules Page

1. Select Admin | Database.

2. The Database Rules page appears. Click Add.

3. The Specify the Trigger Conditions page appears. Specify the threshold that triggers Security Monitor to take an action. The following triggers can be defined with check boxes:

   * Database used space greater than (megabytes): This will trigger an action when the database reaches a size in megabytes that is defined in the adjacent field.

   * Database free space less than (megabytes): This will trigger an action when the database free space drops to a size in megabytes that is defined in the adjacent field.

   * Total IDS events: This will trigger an action when the total number of IDS events in the database reaches the number defined in the adjacent field.

   * Total SYSLOG events: This will trigger an action when the total number of SYSLOG events in the database reaches the number defined in the adjacent field.

   * Total events: This will trigger an action when the total number of events in the database reaches the number defined in the adjacent field.

   * Daily beginning: This will trigger an action to occur daily beginning on the date and time specified.

   In the Comment field, you may enter a description of the database rule. Click Next.

4. The Choose the Actions page appears. More than one action can be chosen via the following check boxes:

   * Notify via Email

   * Log a Console Notification Event

   * Execute a Script

5. Click Finish.

Editing a Database Rule

To edit a database rule, start from the Management Center for IDS Sensors page (as shown in Figure 10.29) and follow these steps:

1. Select Admin | Database.

2. The Database Rules page appears. Select the radio button corresponding to the rule to edit and click Edit.

3. The Specify the Trigger Conditions page appears. Select the radio button corresponding to the rule to edit and click Edit. Change the field to be revised and click Next.

4. The Choose the Actions page appears. Make the desired changes and click Finish.

Viewing a Database Rule

To view a database rule, start from the Management Center for IDS Sensors page (as shown in Figure 10.29) and follow these steps:

1. Select Admin | Database.

2. The Database Rules page appears. Select the radio button corresponding to the rule to view and click View.

3. The View Database Rule page appears. The text box contains detailed information about the rule. To return to the Database Rules page, click OK.

Deleting a Database Rule

To delete a database rule, start from the Management Center for IDS Sensors page (as shown in Figure 10.29) and follow these steps:

1. Select Admin | Database.

2. The Database Rules page appears. Select the radio button corresponding to the rule you want to delete and click Delete. The database rule is deleted from the IDS Management Center.

Updating Sensor Software and Signatures

Cisco Systems is constantly providing new sensor software versions and signature release levels. These new versions and release levels are provided in files known as Service Pack update files and Signature update files.

The procedures to update the sensor software and the signatures are complex. To be informed of the latest update files by e-mail, you can subscribe to the Cisco IDS Active Update Notification.

Defining the E-mail Server Settings

You can specify the e-mail server that the Cisco IDS Management Center uses for event notification. To specify the server, follow these steps:

1. Start from the Management Center for IDS Sensors page as shown in Figure 10.29 and select Admin | System Configuration. Select Email Server in the Table of Contents.

2. The E-mail Server page appears. Enter the e-mail server name in the Server Name box. Click Apply. The e-mail server defined will be used for event notification.