how to get IDSM-2 log file

Gongyuan Yao
Level 1

Hi, we have an IDSM-2 installed in a Cat 6500 system. Does anyone know how to get the IDSM-2 syslog file, and how to configure it to send logs to a syslog server? I know these two questions are pretty simple, but I have not found answers yet.

Any help would be greatly appreciated.

3 Accepted Solutions

tsippa005
Level 1

You can get events from the IDSM in SDEE format. Use IPS Manager or another tool to collect these logs.

To expand on what tsippa said, the Cisco IPS sensors do not have a syslog output. The standard way to get events off the sensor is via an SDEE feed. You can also set each signature to issue an SNMP trap when it fires, but this must be done on a signature-by-signature basis.

Using traps is possible, but a per-signature basis is not the only way. You may use event action overrides to activate traps on all signatures or according to risk rating.

Thanks a lot for all of the great help.
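
An added example, not part of the original thread and not Cisco code: because the sensor has no syslog output, a collector that pulls the SDEE feed can re-emit each alert as a syslog line for the syslog server. The XML is a constructed, simplified stand-in for an SDEE alert; its element names, the severity mapping and the local0 facility are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample: a simplified stand-in for an SDEE alert document.
# Element/attribute names are assumptions, not captured from a real sensor.
SAMPLE = """<events xmlns:sd="urn:example:sdee">
 <sd:evIdsAlert eventId="1001" severity="high">
  <sd:originator><sd:hostId>idsm2-sensor</sd:hostId></sd:originator>
  <sd:time>1200000000000000000</sd:time>
  <sd:signature id="2004" description="ICMP Echo&#10;Request"/>
  <sd:attacker><sd:addr>192.0.2.10</sd:addr></sd:attacker>
  <sd:target><sd:addr>198.51.100.5</sd:addr></sd:target>
 </sd:evIdsAlert>
</events>"""

SEVERITY = {"high": 2, "medium": 4, "low": 5, "informational": 6}  # assumed mapping
FACILITY = 16  # local0 (assumption)

def _find(elem, name):
    """First element (self or descendant) named `name`, ignoring the XML namespace."""
    return next((e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name), None)

def _clean(value):
    """Replace control characters and quotes so sensor data cannot forge log lines."""
    return re.sub(r'[\x00-\x1f\x7f"]', " ", value or "-").strip() or "-"

def _text(elem, *path):
    """Walk nested element names and return the cleaned text, or '-' if missing."""
    for name in path:
        elem = _find(elem, name) if elem is not None else None
    return _clean(elem.text) if elem is not None else "-"

def alerts_to_syslog(xml_text):
    """Convert each evIdsAlert into one RFC 5424 style syslog line."""
    lines = []
    alerts = (e for e in ET.fromstring(xml_text).iter() if e.tag.rsplit("}", 1)[-1] == "evIdsAlert")
    for alert in alerts:
        pri = FACILITY * 8 + SEVERITY.get(alert.get("severity"), 5)
        nanos = _text(alert, "time")  # event time as nanoseconds since the epoch
        stamp = (datetime.fromtimestamp(int(nanos) // 10**9, tz=timezone.utc)
                 .strftime("%Y-%m-%dT%H:%M:%SZ") if nanos.isdigit() else "-")
        sig = _find(alert, "signature")
        sig_id = _clean(sig.get("id")) if sig is not None else "-"
        desc = _clean(sig.get("description")) if sig is not None else "-"
        host = _text(alert, "originator", "hostId").replace(" ", "_")
        lines.append(f'<{pri}>1 {stamp} {host} sdee - {sig_id} - sig="{desc}" '
                     f'src={_text(alert, "attacker", "addr")} dst={_text(alert, "target", "addr")}')
    return lines
```

Each returned line can be sent to the syslog server as one UDP datagram; the newline embedded in the sample description is flattened so a signature string cannot split one event into two log records.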
