How to integrate IPS logs into SIM (Symantec Information Manager)

Unanswered Question
May 18th, 2010

Can anyone tell me how to integrate IPS logs into Symantec Information Manager, and the logs format?


Thanks for your help

-VP

johan.kellerman Wed, 05/19/2010 - 00:47

Hi


You have to use SDEE to collect events (log entries) from the sensor. I believe that SIM supports SDEE; otherwise you are left with SNMP/SNMP traps, which is not a good choice for this since you have to tweak signatures. Syslog is unfortunately not an option.

Br


Johan Kellerman
