cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
726
Views
0
Helpful
2
Replies

SDEE schema

snowmizer
Level 1
Level 1

I'm trying to write a script that will pull IPS events off of our ASA IPS SSM module and write them to our log management system. I have a script that successfully pulls the alert events. I also want to pull the error, status, and log transaction events however there is no guarantee when these events will happen so I can't write the script and pull the XML schema through the debug process. I need to have these scripts in place so that if/when these events happen they will get loaded to my log management system.

Does anyone have the XML schema for the evIdsStatus, evIdsError, or evIdsLogTransaction events?

Thanks.

2 Replies 2

Maciej Waliszko
Level 1
Level 1

hi Snowmizer,

Would it be possible you could share that script? Do you have any information on the sdee command syntax so that it would be possible to pull data from ASA IPS modules?

regards,

m.w

If I still had the script. I did an upgrade on the product that was using it and now it's gone so I've got to recreate it. Just a bit short in getting the backup set up on that server before I lost it.

When I get it re-written I can possibly post it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: