How to integrate IPS logs into SIM (Symantec Information Manager)

Unanswered Question
May 18th, 2010

Can anyone tell me how to integrate IPS logs into Symantec Information Manager, and the log format?

Thanks for your help

-VP

johan.kellerman Wed, 05/19/2010 - 00:47

Hi

You have to use SDEE to collect events (log entries) from the sensor. I believe that SIM supports SDEE; otherwise you are left with SNMP/SNMP traps, which is not a good choice for this since you have to tweak signatures. Syslog is unfortunately not an option.

Br

Johan Kellerman
