Cisco IDS 4210 Follow-up questions

A few weeks ago I posted asking for documentation links on the IDS 4210, I got some very useful links, thank you guys! I have a few more questions that the documentation just didn't make clear to me. How do event filters work? I get an event that I know is a false alert and I want to exclude it for the destination and source IPs I am seeing. I have an idea but I want to make sure.

If I apply a filter and set it with the SigID, DestIP, SourceIP, and exclusion set to no, then those alerts just won't trigger and won't be logged. If I do a filter and put a subSigID in with the same settings as above, then set exclusion, those subSigs will be triggered, but not the others?

Is this correct? Is there a way to filter events out of the log based on SigID and Dest and Source IPs? Or do I have to clear the events and start over?

Are there any free tools that allow reporting from a Cisco IDS 4210 sensor and storage in a database?

And the last one, is there a way to delete a single (or group of) IP Logs?

I know this is a very old product, but for now we want to see if this works for us and maybe move on to a newer IDS or IPS solution.

Thanks in advance!

