
IDS mailing list archives
RE: CISCO IDS Packet capture
From: "Billy Dodson" <billy () pmm-i com>
Date: Tue, 6 Apr 2004 08:34:22 -0500

I am uncertain if this is possible. You can run a snoop command from the shell and watch data. If you tried to log all that data on the IDS itself the hd would fill up in a matter of minutes. There might be a way to log it to a syslog server or something of that nature, but I have never tried. But if you just want to watch the data in real time you can run that snoop command.

Billy Dodson
Network Systems Engineer
Permian Micro Mart
3815 E. 52nd Street
Odessa, TX 79762
432.367.3239 - Direct Line
432.367.6179 x139

-----Original Message-----
From: Strand, John [mailto:John.Strand () mms gov]
Sent: Friday, April 02, 2004 7:36 AM
To: focus-ids () securityfocus com
Subject: CISCO IDS Packet capture

Hello All,

Does anyone know how to enable some level of packet capture and logging on the CISCO IDS system (the newer version which interfaces with CiscoWorks and can run on Win2K)? I have hunted through the CISCO provided PDFs and they're a little on the light side. I also have hit the usual suspects, google, CISCO groups, etc.

Thanks in advance for any help.

js