Hi, we have an IDSM-2 installed in a Cat 6500 system. Does anyone know how to get the IDSM-2 syslog file, and how to configure it to send logs to a syslog server? I know these two questions are pretty simple, but I have not found answers yet.
Any help would be greatly appreciated.
Using traps is possible, but doing it on a per-signature basis is not the only way. You may use event action overrides to activate traps on all signatures or according to risk rating.
To expand on what tsippa said, the Cisco IPS sensors do not have a syslog output. The standard way to get events off the sensor is via an SDEE feed. You can also set each signature to issue an SNMP trap when it fires, but this must be done on a signature-by-signature basis.
You can get events from the IDSM in SDEE format. Use IPS Manager or another tool to collect these logs.
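Since the replies point to SDEE rather than syslog, a collector has to do the conversion itself. The following is an added example, not part of the thread and not Cisco code: it turns SDEE-style alert XML that has already been pulled from the sensor into RFC 5424 syslog lines. The sample XML is constructed and simplified, and the element names, the nanosecond timestamp, the severity mapping and the collector host passed to `send_udp` are assumptions.

```python
import socket
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed, simplified SDEE-style alert (not captured from a real sensor).
SAMPLE_SDEE = """<sd:events xmlns:sd="http://example.org/2003/08/sdee">
  <sd:evIdsAlert eventId="1001" severity="high">
    <sd:originator><sd:hostId>idsm2-lab</sd:hostId></sd:originator>
    <sd:time>1200000000000000000</sd:time>
    <sd:signature id="9999" description="Constructed test signature"/>
    <sd:participants>
      <sd:attacker><sd:addr>192.0.2.10</sd:addr></sd:attacker>
      <sd:target><sd:addr>198.51.100.20</sd:addr></sd:target>
    </sd:participants>
  </sd:evIdsAlert>
</sd:events>"""

# Assumed mapping from sensor alert severity to syslog severity numbers.
SYSLOG_SEVERITY = {"high": 2, "medium": 4, "low": 5, "informational": 6}

def _find(elem, name):
    """First descendant whose tag matches name, ignoring the XML namespace."""
    return next((e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def _text(elem, *path):
    """Follow a chain of element names; return stripped text, or '-' if missing."""
    for name in path:
        elem = _find(elem, name) if elem is not None else None
    return (elem.text or "-").strip() if elem is not None else "-"

def sdee_to_syslog(xml_text, facility=20):  # facility 20 = local4
    """Convert each evIdsAlert element into one RFC 5424 syslog line."""
    lines = []
    for alert in ET.fromstring(xml_text).iter():
        if alert.tag.rsplit("}", 1)[-1] != "evIdsAlert":
            continue
        pri = facility * 8 + SYSLOG_SEVERITY.get(alert.get("severity"), 6)
        ns = _text(alert, "time")  # assumed: nanoseconds since the epoch
        ts = (datetime.fromtimestamp(int(ns) // 10**9, tz=timezone.utc)
              .strftime("%Y-%m-%dT%H:%M:%SZ") if ns.isdigit() else "-")
        sig = _find(alert, "signature")
        sig_id, desc = (sig.get("id", "-"), sig.get("description", "-")) if sig is not None else ("-", "-")
        lines.append(f"<{pri}>1 {ts} {_text(alert, 'hostId')} ips - sig{sig_id} - "
                     f"eventId={alert.get('eventId', '-')} sig=\"{desc}\" "
                     f"src={_text(alert, 'attacker', 'addr')} dst={_text(alert, 'target', 'addr')}")
    return lines

def send_udp(lines, host, port=514):
    """Forward the lines to a syslog collector over UDP (host is site-specific)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), (host, port))
```

Fields missing from an alert are emitted as `-`, so a partial event still produces a well-formed syslog line instead of being dropped.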