Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
502
Views
0
Helpful
3
Replies

Event retrieval

manmeetshergill
Level 1
Level 1

‎06-26-2009 05:04 AM - edited ‎03-10-2019 04:40 AM

Hi,

i am running a network having 30 IPS (which indcludes SSM20s, IDSMs and IPS 44XX).

i dont have mars device. Is there any way to retrieve events from all the IPS to one central location using csmanager ??

or is there any freeware that can do the job.

Thanks in advance

Labels:
0 Helpful
3 Replies 3

rhermes
Level 7
Level 7

‎06-26-2009 07:12 AM

CSM doesn't collect events, it can only be used to manage the signatures and configurations on your sensors. To collect events you'll need a SIM like MARS, NetForenisics, Intelitactics that has an SDEE (version 7.x has a newer protocol that is backards compatible with SDEE, I forget it's name) listener.

There were some open source pieces you could try to put together yourself, but nothing I know of that is preassembled.

Alternately, you could option all your enabled signatures to fire off an SNMP trap and collect those with a free SNMP receiver.

0 Helpful

manmeetshergill
Level 1
Level 1
In response to rhermes

‎06-28-2009 01:16 AM

Thanks for the reply.

i tried receiving events with an CA`s snmp receiver but the events i m receiving are not readable ..

can u sugggests any receiver.

0 Helpful

andrey.dugin
Level 1
Level 1
In response to manmeetshergill

‎10-19-2009 04:40 AM

You may use OpenNMS as free traps receiver.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card