Security Services
Configuring Intrusion Prevention
STEP 2
STEP 3
NOTE
STEP 1
STEP 2
Cisco ISA500 Series Integrated Security Appliances Administration Guide
To log IPS events, you must first specify the action for the signatures, and
then go to the Device Management > Logs pages to configure the log
settings and log facilities. See
To save IPS logs to the local syslog daemon, you must enable the Log
feature, set the log buffer size and the severity for local logs, and then
enable the Local Log settings for the Intrusion Prevention (IPS) facility.
To save IPS logs to a remote syslog server, you must enable the Log
feature, specify the Remote Log settings, and enable the Remote Log
settings for the Intrusion Prevention (IPS) facility.
Click OK to save your settings.
Click Save to apply your settings.
Updating IPS Signature Database
You can automatically check for signature updates from Cisco's signature server
on a weekly basis or manually check for signature updates at any time by clicking
Check for Update Now. If a newer signature file is available, the new signature file
will be automatically downloaded to your device.
You can also first download the latest signature file from Cisco's signature server
to your local PC, and then manually update the IPS signatures through the
Configuration Utility.
A valid Cisco.com account is required to check for signature updates and
download the IPS signature file from Cisco's signature server. Go to the Device
Management > Cisco Services & Support > Cisco.com Account page to configure
your Cisco.com account credentials on the security appliance. See
Cisco.com Account, page
IPS and Application Control use the same signature database. Updating the IPS
signatures will also update the application signatures at the same time.
Click Security Services > Intrusion Prevention (IPS) > IPS Policy and Protocol
Inspection.
The IPS Policy and Protocol Inspection window opens.
In the Automatic Update Signature Database area, the following information is
displayed:
Log Management, page
374.
7
392.
Configuring
276