Enabling SDEE on AIP-SSM

Unanswered Question
Jun 30th, 2009

I have an AIP-SSM on a 5510. I'd like to pull events via SDEE. How do I go about setting this up? I have read some docs to just add host to the allowed hosts list, and setup a readonly account.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
robertson.michael Wed, 07/01/2009 - 11:56

Hi Jason,

I have yet to find a good way to pull event data from the AIP module. However, you can, as you mentioned, setup a read-only user on the module and retrieve event data from a single sensor using IDM, or from multiple sensors with IME.

To access IDM, you can simply browse to https://. Here is the reference for viewing events in IDM:

http://www.cisco.com/en/US/docs/security/ips/6.2/configuration/guide/idm/idm_monitoring.html#wp1124764

IME is a free download from Cisco.com.

Hope that helps.

-Mike

Actions

This Discussion