SDEE schema

Unanswered Question
Feb 3rd, 2010
User Badges:

I'm trying to write a script that will pull IPS events off of our ASA IPS SSM module and write them to our log management system. I have a script that successfully pulls the alert events. I also want to pull the error, status, and log transaction events however there is no guarantee when these events will happen so I can't write the script and pull the XML schema through the debug process. I need to have these scripts in place so that if/when these events happen they will get loaded to my log management system.


Does anyone have the XML schema for the evIdsStatus, evIdsError, or evIdsLogTransaction events?


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Maciej Waliszko Mon, 03/01/2010 - 13:02
User Badges:

hi Snowmizer,


Would it be possible you could share that script? Do you have any information on the sdee command syntax so that it would be possible to pull data from ASA IPS modules?


regards,

m.w

snowmizer Tue, 05/04/2010 - 08:38
User Badges:

If I still had the script. I did an upgrade on the product that was using it and now it's gone so I've got to recreate it. Just a bit short in getting the backup set up on that server before I lost it.


When I get it re-written I can possibly post it.

Actions

This Discussion