Network Management

Reply
Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

IDS Events in Airwave

I have my controller pointed to my airwave server for SNMP traps, however, I am having the following issue.  If I go to the Security Dashboard on the controller I can see that I have several detected events, but if I go to the RAPIDS tab in airwave then the ids events subtab I have no events listed.  Should this screen be populated by the detected events on the controller's security dashboard?

 

Thanks

Contributor I
Posts: 24
Registered: ‎06-24-2009

Re: IDS Events in Airwave

Hi -

 

If you go to APs/Devices and select the controller, click "Poll Now".  Does this generate any errors?  (Just to confirm the AirWave config is correct for the controller in question.)

 

Also, how old are these IDS events on the controller?  Remember that the dashboard on the controller is realtime, whereas the AirWave console is subject to a polling interval.  If the events are brand-new, they may not have been caught by AirWave yet.

 

Additionally, if you go into AMP Setup, confirm the settings on the General tab.  (Display RAPIDS: Yes, etc.)

 

Finally, you can go to System -> Alerts to see the SNMP traps come in.  Do you see any traps from that particular controller?

 

I hope this helps!

 

- Jay

 

 

 

 

Aruba Employee
Posts: 27
Registered: ‎03-01-2012

Re: IDS Events in Airwave

The "IDS Events" page on Airwave is populated by SNMP traps as you indicated, not SNMP polling. The first thing to do is verify your AMP is actually receiving traps from the controller. If you are running a recent version of AMP, you can go to the controller's monitoring page (on Airwave) and look at the "Device Events" table. This will contain all SNMP traps and syslog messages Airwave receives from the controller. You should see a bunch of SNMP traps there. If you are not running a recent version of AMP then there are other slightly more complicated ways of determining if you are receiving traps at all.

Regular Contributor I
Posts: 166
Registered: ‎04-11-2011

Re: IDS Events in Airwave

[ Edited ]

I believe I now have it solved.  I upgraded to the latest release of airwave and now have IDS events showing under the RAPIDS tab in airwave.

 

Thakns

MVP
Posts: 1,437
Registered: ‎10-25-2011

Re: IDS Events in Airwave

I am running AMP 7.5.5 (latest version)

 

I also see snmp-traps and syslogs in AMP (under System - Syslog/Traps)

I do not see IDS events.

 

the mgmt-server of my controllers is AMP's IP

Trap-host on the controllers is set to AMP

Trap-source is the controllers-ip

 

Any thoughts?

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 21,484
Registered: ‎03-29-2007

Re: IDS Events in Airwave

Please see the Aruba and AMP best practices guide here:  http://support.arubanetworks.com/DOCUMENTATION/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=8053

 

It will go over, in detail what needs to be done.  Somethings, you might have already done; I understand.

 

Do you have the IDS/IPS license installed on your controller?  Do you have the attacks configured as "detect" in the IDS profile in the Aruba controller?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,437
Registered: ‎10-25-2011

Re: IDS Events in Airwave

I have followed every step of that guide and everything should be configured correctly.

 

I have set this up before and it has worked in the past, this new customer for some reason I do not see anything.

 

Unfortunately, I am not the one who configured the controllers but none of the attacks are selected as "detect", except for like "Detect bad WEP", "Detect Station Association To Rogue AP".

I have asked for clarification as to why none of those attacks are configured.

Could this be the case why no IDS events are showing up?

 

There is an RF Protect license on all of the controllers.

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Guru Elite
Posts: 21,484
Registered: ‎03-29-2007

Re: IDS Events in Airwave

Yes.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,437
Registered: ‎10-25-2011

Re: IDS Events in Airwave

Thank you.

 

That answers that.

 

 

Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Search Airheads
Showing results for 
Search instead for 
Did you mean: