SNORT Intrusion Detection


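Manually updating the signature package

1. Confirm that port PVG0 can reach the Internet (check routing and NAT)
2. Enter utd threat-inspection signature update to update the signature package
3. Use show utd engine standard signature update status to display the update status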

Device#show utd engine standard signature update status
Current Signature package version: 2982.7.s
Current Signature package name: UTD-STD-SIGNATURE-2982-7-S.pkg
Previous Signature package version: 29.0.c
Last update status: Successful
Last failure Reason: None
Last successful update method: Manual
Last successful update server: cisco
Last successful update time: Sun Sep 25 14:29:33 2016 BST
Last successful update speed: 3250158 bytes in 202 secs
Last failed update method: None
Last failed update server: None
Last failed update time: None
Last attempted update method: Manual
Last attempted update server: cisco
Last attempted update time: Sun Sep 25 14:29:33 2016 BST
Total num of updates successful: 1
Num of attempts successful: 1
Num of attempts failed: 0
Total num of attempts: 1
Next update scheduled at: None
Current Status: Idle
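
To make this check repeatable, the status output can be parsed and evaluated automatically. The following is an added example, not part of the original page or of Cisco tooling; the function names, the 7-day age threshold and the shortened sample text are assumptions.

```python
from datetime import datetime

# Constructed sample: a subset of the fields shown in the output above.
SAMPLE = """\
Device#show utd engine standard signature update status
Current Signature package version: 2982.7.s
Last update status: Successful
Last successful update time: Sun Sep 25 14:29:33 2016 BST
Num of attempts failed: 0
Next update scheduled at: None
Current Status: Idle
"""

def parse_status(text):
    """Turn 'Key: value' lines into a dict; the prompt line has no ': ' and is skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def parse_time(value):
    """Parse 'Sun Sep 25 14:29:33 2016 BST'; the zone token is dropped (naive time)."""
    if value == "None":
        return None
    return datetime.strptime(" ".join(value.split()[:5]), "%a %b %d %H:%M:%S %Y")

def check_signatures(text, now, max_age_days=7):
    """Return a list of findings; an empty list means nothing to flag."""
    f = parse_status(text)
    findings = []
    if f.get("Last update status") != "Successful":
        findings.append("last update failed: " + f.get("Last failure Reason", "unknown"))
    if int(f.get("Num of attempts failed", "0")) > 0:
        findings.append("failed update attempts recorded")
    if f.get("Next update scheduled at", "None") == "None":
        findings.append("no automatic update scheduled")
    last_ok = parse_time(f.get("Last successful update time", "None"))
    if last_ok is None:
        findings.append("signature package never updated")
    elif (now - last_ok).days > max_age_days:
        findings.append("signature package older than %d days" % max_age_days)
    return findings

if __name__ == "__main__":
    for finding in check_signatures(SAMPLE, datetime(2016, 9, 27)):
        print(finding)
```

Because the sample update was manual and no next update is scheduled, the check reports the missing schedule even though the last update succeeded.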

Verifying that SNORT is running properly

Device#show service-insertion type utd service-node-group 
Service Node Group name         : utd_sng_1
    Service Context             : utd/1
    Member Service Node count   : 1

Service Node (SN)                   : 192.168.0.2
Auto discovered                     : No
SN belongs to SNG                   : utd_sng_1
Current status of SN                : Alive
Time current status was reached               : Wed Oct 21 10:32:12 2015

Cluster protocol VPATH version                : 1
Cluster protocol incarnation number           : 2
Cluster protocol last sent sequence number    : 1445749509
Cluster protocol last received sequence number: 320234
Cluster protocol last received ack number     : 1445749508

Unless otherwise noted, the content of this page is licensed under the Creative Commons Attribution-ShareAlike 3.0 License