Log save

mitang.prajapati · ‎05-31-2010

Hi ,

I want to know how to save IPS 4260 logs.

Scott Fringer · ‎06-01-2010

Cisco's IPS sensors allow event retrieval via the Security Device Event Exchange (SDEE) protocol. There are many products that support this protocol. Cisco provides a free solution called IPS Manager Express (IME). It will retrieve signature events from Cisco IPS sensors and store them in a local MySQL database. You can find out more about IME, and download it here:

http://www.cisco.com/go/ime

Another solution, for multiple security device log collection and incident correlation, is CS-MARS. You can find out more about CS-MARS here:

http://www.cisco.com/go.mars

Scott

Munaf Ahmed · ‎06-01-2010

Scott,

Is there any product/tool avialable that our customer can use to pull IPS alarms/event logs via SDEE and save it on a syslog server (kiwi for example) ?

Thanks

Munaf

Scott Fringer · ‎06-02-2010

Munaf;

I am not aware of such a product. I have heard of customers using perl scripts, and other custom solutions, to accomplish similar IPS event manipulation.

Scott

Munaf Ahmed · ‎06-02-2010

I did some research, Security Information & Event Management (SIEM) solution provides log management capabilities for Cisco IPS and CS-MARS. Sansage SIEM supports SDEE protocol and it can pull data from Cisco IPS and CS-MARS.

http://www.sensage.com/solutions/siem.php?expandable=1