how to get IDSM-2 log file

Answered Question
Sep 29th, 2009

Hi, we have an IDSM-2 installed in a Cat 6500 system. Does anyone know how to get the IDSM-2 syslog file, and how to configure it to send logs to a syslog server? I know these two questions are pretty simple, but I have not found answers yet.

Any help would be greatly appreciated.

Correct Answer
tsippa005 Tue, 09/29/2009 - 23:27

You can get events from IDSM in SDEE format. Use IPS Manager or another tool to collect these logs.

Correct Answer
rhermes Wed, 09/30/2009 - 08:26

To expand on what tsippa said, the Cisco IPS sensors do not have a syslog output. The standard way to get events off the sensor is via an SDEE feed. You can also set each signature to issue an SNMP trap when it fires, but this must be done on a signature-by-signature basis.

Correct Answer
andrey.dugin Fri, 10/16/2009 - 06:00

Using traps is possible, but per-signature basis is not one way. You may use event action overrides to activate traps on all signatures or according to risk rating.
