Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 35 Getting Started with IPS Configuration
IPS Health Monitor
Use the IPS Health Monitor page to configure the metrics, or parameters, that are used to determine the
health and network security status of your IPS devices. Your IPS devices use these metrics to assign
appropriate severity when sending IPS events. The results appear in the Health and Performance Monitor
of Security Manager (Launch > Health and Performance Monitor).
IPS Health Monitor is supported in IPS devices beginning with IPS version 6.1 and in Security Manager
beginning with version 4.4. Please note the following special cases:
1. For IPS devices running 7.x, all 11 configuration items in the IPS Security Settings Policy are
displayed and monitored properly in the Security Manager GUI.
2. For IPS devices running versions earlier than 6.1, the Network Participation and Global Correlation
entries are hidden in the device view of Security Manager.
3. Some IPS Health Monitor configuration items are protected entries on the device side itself and
cannot be edited. Security Manager informs you in such cases.
If you do not select a metric by checking the check box, it does not appear in the Health and Performance
Monitor. You can accept the default configuration or edit the values. Items will be disabled and will not
be editable if you do not select a metric.
The overall health is set to the most critical setting of any of the metrics. For instance, if all the selected
metrics are normal except for one that is critical, the overall health becomes critical. The IPS sensor
sends a health and security status event when the overall health status of the IPS sensor changes.
The security status of the IPS sensor is determined for each virtual sensor using the threat ratings of
events detected by the virtual sensors. The security status of the virtual sensor is raised when the virtual
sensor detects an event with a threat rating that exceeds the threshold for that virtual sensor. After a
threshold has been exceeded, the security status remains at a critical level until the configured amount
of time has passed with no more events being detected at the higher level.
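
The two rules above, modeled as an added example (not Cisco code and not part of the original guide): overall health as the most critical selected metric, and a per-virtual-sensor security status that stays critical until a quiet period has elapsed. The names `threshold` and `hold_seconds`, the two-level scale, and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

LEVELS = ("normal", "critical")  # only the two levels the page names


def overall_health(metrics):
    """metrics maps a name to (selected, level). Unselected metrics are
    ignored; the result is the most critical level among the selected ones."""
    selected = [level for is_selected, level in metrics.values() if is_selected]
    # Assumption: with nothing selected, report "normal".
    return max(selected, key=LEVELS.index, default="normal")


@dataclass
class VirtualSensorStatus:
    threshold: int      # threat rating that must be exceeded (hypothetical name)
    hold_seconds: int   # quiet time before the status drops (hypothetical name)
    last_high: Optional[int] = None  # time of the latest event above threshold

    def observe(self, when, threat_rating):
        if threat_rating > self.threshold:  # "exceeds": an equal rating does not count
            self.last_high = when

    def status(self, now):
        if self.last_high is not None and now - self.last_high < self.hold_seconds:
            return "critical"
        return "normal"


def replay(sensor, events, end):
    """Replay (time, threat_rating) events second by second and return the
    (time, status) points where the status changes."""
    pending, i = sorted(events), 0
    changes, current = [], "normal"
    for now in range(end + 1):
        while i < len(pending) and pending[i][0] <= now:
            sensor.observe(*pending[i])
            i += 1
        new = sensor.status(now)
        if new != current:
            changes.append((now, new))
            current = new
    return changes


# Constructed sample: threshold 80, 300-second hold, four events.
EVENTS = [(10, 95), (100, 60), (200, 90), (600, 85)]
CHANGES = replay(VirtualSensorStatus(80, 300), EVENTS, 1000)
```

In the constructed run, the event at 200 seconds restarts the quiet period, so the status does not return to normal until 500 seconds; the rating of 60 at 100 seconds has no effect.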
To configure the metrics on the IPS Health Monitor page, select one of the following policies:
- (Device view) Select Platform > Device Admin > Health Monitor from the Policy selector.
Table 35-7 IPS Logging Page

| Element | Description |
|---|---|
| Interface Notifications Tab | |
| Missed Packets Threshold | The percent of missed packets that has to occur before you want to receive notification. The default is 0, and the range is 0 to 100. |
| Notification Interval | The length of time, in seconds, that you want to check for the percentage of missed packets. The default is 30, and the range is 5 to 3600. |
| Interface Idle Threshold | The length of time, in seconds, that you will allow an interface to be idle and not receiving packets before you want to be notified. The default is 30, and the range is 5 to 3600. |
| Analysis Engine Tab | |
| Maximum Open IP Log Files | The maximum number of open IP log files that you want to allow on the sensor. The default is 20, and the range is 20 to 100. |