Getting log data out of IPS 4240

Kevin Melton
Level 2

We installed an IPS 4240 on our customer's network a few months ago. We had great expectations for it during the installation, thinking that it would be alerting us to potentially suspicious activity any time any potential intruder tried to do anything suspicious on our network.

We can see where the device is useful with respect to seeing bogus signatures and then logging some data (capturing frames) in its IP Logging Feature.

It is also useful in its "Events" tab as one can drill down to specific time periods...

But what I really want is for it to:

1) Send syslog data to our Log Collection host, and 2) Send Alerts when these suspicious activities are detected so that an IT Admin knows what is going on and can react to them...

Is there a way to configure this?

2 Replies

mchin345
Level 6

Review the sensor config, interface setup, running config, etc.

mhellman
Level 7

You probably should have looked into this before purchasing a 4240;-)

Cisco IDS/IPS sensor appliances do not currently support sending alerts via syslog or SNMP traps. Events are generally collected from Cisco IDS/IPS sensors using RDEP or SDEE. Here's a Perl module that might work (I've never used it):

http://search.cpan.org/~jminieri/Net-SDEE-0.01/lib/Net/SDEE.pm
