Event retrieval

Unanswered Question
Jun 26th, 2009

Hi,

I am running a network having 30 IPS (which includes SSM20s, IDSMs and IPS 44XX).

I don't have a MARS device. Is there any way to retrieve events from all the IPS to one central location using csmanager?

Or is there any freeware that can do the job?


Thanks in advance

rhermes Fri, 06/26/2009 - 07:12

CSM doesn't collect events; it can only be used to manage the signatures and configurations on your sensors. To collect events you'll need a SIM like MARS, NetForensics, or Intellitactics that has an SDEE (version 7.x has a newer protocol that is backwards compatible with SDEE, I forget its name) listener.

There were some open source pieces you could try to put together yourself, but nothing I know of that is preassembled.

Alternately, you could option all your enabled signatures to fire off an SNMP trap and collect those with a free SNMP receiver.

manmeetshergill Sun, 06/28/2009 - 01:16

Thanks for the reply.

I tried receiving events with CA's SNMP receiver, but the events I am receiving are not readable.

Can you suggest any receiver?

andrey.dugin Mon, 10/19/2009 - 04:40

You may use OpenNMS as a free trap receiver.
