Event retrieval

Unanswered Question
Jun 26th, 2009

Hi,

I am running a network having 30 IPS (which includes SSM20s, IDSMs and IPS 44XX).

I don't have a MARS device. Is there any way to retrieve events from all the IPS to one central location using CS Manager?

Or is there any freeware that can do the job?

Thanks in advance

rhermes Fri, 06/26/2009 - 07:12

CSM doesn't collect events, it can only be used to manage the signatures and configurations on your sensors. To collect events you'll need a SIM like MARS, NetForensics or Intelitactics that has an SDEE listener (version 7.x has a newer protocol that is backwards compatible with SDEE, I forget its name).

There were some open source pieces you could try to put together yourself, but nothing I know of that is preassembled.

Alternately, you could option all your enabled signatures to fire off an SNMP trap and collect those with a free SNMP receiver.

manmeetshergill Sun, 06/28/2009 - 01:16

Thanks for the reply.

I tried receiving events with CA's SNMP receiver but the events I'm receiving are not readable.

Can you suggest any receiver?
