Cisco Systems ISA550 Manual De Usuario

Configuring Intrusion Prevention

Cisco ISA500 Series Integrated Security Appliances Administration Guide

324

 

To log IPS events, you must first specify the action for the signatures, and 
then go to the Device Management > Logs pages to configure the log 
settings and log facilities. See 

.

To save IPS logs to the local syslog daemon, you must enable the Log 
feature, set the log buffer size and the severity for local logs, and then 
enable the Local Log settings for the Intrusion Prevention (IPS) facility. 

To save IPS logs to a remote syslog server, you must enable the Log 
feature, specify the Remote Log settings, and enable the Remote Log 
settings for the Intrusion Prevention (IPS) facility. 

Click OK to save your settings. 

Click Save to apply your settings. 

You can automatically check for signature updates from Cisco’s signature server 
on a weekly basis or manually check for signature updates at any time by clicking 
Check for Update Now. If a newer signature file is available, the new signature file 
will be automatically downloaded to your device. 

You can also first download the latest signature file from Cisco’s signature server 
to your local PC, and then manually update the IPS signatures through the 
Configuration Utility.

A valid Cisco.com account is required to check for signature updates and 
download the IPS signature file from Cisco’s signature server. Go to the Device 
Management > Cisco Services & Support > Cisco.com Account page to configure 
your Cisco.com account credentials on the security appliance. See 

IPS and Application Control use the same signature database. Updating the IPS 
signatures will also update the application signatures at the same time.

Click Security Services > Intrusion Prevention (IPS) > IPS Policy and Protocol 
Inspection. 

The IPS Policy and Protocol Inspection window opens. 

In the Automatic Update Signature Database area, the following information is 
displayed: