rhermes Wed, 08/04/2010 - 08:14
User Badges:
  • Gold, 750 points or more

Using the standard CLI here isn't a way (I know of) to see the raw SDEE events. (it might be possible via the service account).

In the CLI you can get much of the information using the "show event past" command. Filters can be used to look for specific types of events.

- Bob

Siddharth Chand... Wed, 08/04/2010 - 12:01
User Badges:
  • Cisco Employee,

In simple words: SDEE is a way for devices to login into the IPS and grab events from th IPS's event store.

IPS acts as a SDEE provider where it can commnicate events to SDEE clients like IME, or 3rd party SDEE servers.

SDEE is enabled by default on the IPS.

To test SDEE communication, you try the following:

https://add-ips-/cgi-bin/sdee-server/      and log in.

You shall see xml data come back.

There is no way to check this in CLI.

If you are just trying to look for events generated by IPS:

R057-4270-2# show events ?
alert          Display local system alerts.
error          Display error events.
hh:mm[:ss]     Display start time.
log            Display log events.
nac            Display NAC shun events.
past           Display events starting in the past specified time.
status         Display status events.
|              Output modifiers.

- Sid


This Discussion