IDS Policy Alarm

acIDSPolicyAlarm

Alarm

acIDSPolicyAlarm

OID

1.3.6.1.4.1.5003.9.10.1.21.2.0.99

Description

The alarm is sent when a threshold of a specific IDS Policy rule is crossed for the Intrusion Detection System (IDS) feature. The alarm displays the crossed severity threshold (Minor or Major), IDS Policy and IDS Rule, and the IDS Policy-Match index.

The alarm is associated with the MO pair IDSMatch and IDSRule.

Default Severity

-

Event Type

Other

Probable Cause

 

Alarm Text

"<Severity> (enum severity) cross. Policy: <Name> (<Index>), Rule: <Name>, Last event: <Name>, Source: <IP Address:portprotocol>, SIP Interface: <Name> (<Index>)"

For example:

"Major threshold (3) cross. Policy: My Policy (3), Rule: Malformed messages, Last event: SIP parser error, Source: 10.33.5.111:62990udp, SIP Interface: SIPInterface_0 (0)."

Severity

Minor or Major (depending on crossed threshold)

Condition

Threshold of a specific IDS Policy rule is crossed.

Text

(see Alarm Text above)

Corrective Action

1. Identify additional traps (acIDSThresholdCrossNotification) that were sent alongside this Intrusion Detection System (IDS) alarm.
2. Locate the remote hosts (IP addresses) that are specified in the traps.
3. Examine the behavior of those hosts (with regard to the reason specified in the alarm), and attempt to fix incorrect operation.
4. If necessary, change the configured thresholds in the IDS Rule table under the IDS Policy table.
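
To support steps 2 and 3 above, the Alarm Text can be parsed into fields and grouped by source host. The following is an added example, not code from the vendor or the device: the pattern is derived only from the Alarm Text template and example on this page, the field and function names are this example's own, and the 192.0.2.x and 999.x entries are constructed sample values.

```python
import ipaddress
import re
from collections import Counter

# Built from the Alarm Text template and example on this page. The word
# "threshold" is optional: the template omits it, the example includes it.
ALARM_RE = re.compile(
    r"(?P<severity>\w+)(?: threshold)? \((?P<level>\d+)\) cross\. "
    r"Policy: (?P<policy>.+?) \((?P<policy_index>\d+)\), "
    r"Rule: (?P<rule>.+?), "
    r"Last event: (?P<last_event>.+?), "
    r"Source: (?P<ip>\S+):(?P<port>\d+)(?P<proto>[A-Za-z]+), "
    r"SIP Interface: (?P<sip_interface>.+?) \((?P<sip_index>\d+)\)\.?"
)

def parse_alarm(text):
    """Return the alarm fields as a dict, or None if the text does not match."""
    m = ALARM_RE.fullmatch(text.strip().strip('"'))
    if m is None:
        return None
    fields = m.groupdict()
    try:
        # Reject a Source whose address part is not a valid IP address.
        fields["ip"] = str(ipaddress.ip_address(fields["ip"]))
    except ValueError:
        return None
    for key in ("level", "policy_index", "port", "sip_index"):
        fields[key] = int(fields[key])
    if not 0 < fields["port"] <= 65535:
        return None
    return fields

def sources_by_rule(alarm_texts):
    """Count parsed alarms per (source IP, rule); unparsable texts are skipped."""
    counts = Counter()
    for text in alarm_texts:
        fields = parse_alarm(text)
        if fields:
            counts[(fields["ip"], fields["rule"])] += 1
    return counts

# The first source is the example from this page; the other three are constructed.
TEMPLATE = ("Major threshold (3) cross. Policy: My Policy (3), Rule: Malformed messages, "
            "Last event: SIP parser error, Source: {src}, SIP Interface: SIPInterface_0 (0).")
SAMPLE_ALARMS = [TEMPLATE.format(src=s) for s in (
    "10.33.5.111:62990udp", "192.0.2.15:5060udp", "192.0.2.15:5071udp", "999.0.2.15:5060udp")]

if __name__ == "__main__":
    for (ip, rule), n in sources_by_rule(SAMPLE_ALARMS).most_common():
        print(f"{ip}\t{rule}\t{n}")
```
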