1.4 LOCALADDRESS 1.3 PORT-ORGID 8NUMBER 32000 APPLICATION...

10.10.1.4 localaddress 10.10.1.3 port-

orgid 8

number 32000 application director

local hostid 10

ip audit info action alarm

s 0

Internet

ip audit attack action alarm drop reset

tok 0

ip audit name TEST info list 3 action alarm

e 0/0

ip audit name TEST attack list 3 action alarm reset drop

interface e 0/0

ip address 10.10.1.3 255.255.0.0

S D

(

F a s tH u b 1 0 0 T /F X

C IS C O Y S T E M S

S

U tiliz a tio n (M b p s )

P O W E R

C o llis io n

1 +5 +1 0 +1 5 +

2 0 +2 5 +3 5 +5 0 +7 5 +1 0 0 +

ip audit TEST in

R e s e t

L in k

R e c e iv e

D is a b le d

1 x

2 x

3 x

4 x

5 x

6 x

7 x

8 x

9 x

1 0 x

1 1 x

1 2 x

1 3 x

1 4 x

1 5 x

T x

1 6

R x

F a s t E th e rn e t (1 0 0 M b p s )

interface tokenring 0

ip address 11.1.3.1 255.255.255.0

access-list 3 deny 11.1.3.1 0.0.0.255

ip audit po protected 10.10.0.0 to 10.10.255.254

(config output omitted)

NetRanger Director

IP Address 10.10.1.4

local hostid 11

S un

S P A R C s ta tio n 5

Let’s describe the commands in turn:

ip audit smtp spam 50

This sets a threshold of 50 recipients in an e-mail to denote spam

e-mail.

ip audit po max-events 20

This defines that 20 entries can be queued up for sending to the

Director; above this value events will be dropped. You need to be careful

when using this command as each queue entry uses 32KB of RAM. You

can monitor levels of RAM using the show proc mem command.

ip audit notify nr-director

This configures the NetRanger Director as the destination for the

alarms.

ip audit po local hostid 10 orgid 8

This defines the local router’s post office details. The hostid is unique

and the orgid is the same as the NetRanger Director group.

ip audit po remote hostid 11 orgid 8 rmtaddress 10.10.1.4 localaddress