SDEE report

Unanswered Question
Aug 3rd, 2010


I'm just wondering, how can I view the SDEE-generated event monitoring and reports using the CLI? Is there any command for this, or am I forced to use SDM/CCP to view it?


rhermes Wed, 08/04/2010 - 08:14

Using the standard CLI, there isn't a way (that I know of) to see the raw SDEE events (it might be possible via the service account).

In the CLI you can get much of the information using the "show event past" command. Filters can be used to look for specific types of events.

- Bob

Siddharth Chand... Wed, 08/04/2010 - 12:01

In simple words: SDEE is a way for devices to log in to the IPS and grab events from the IPS's event store.

The IPS acts as an SDEE provider, where it can communicate events to SDEE clients like IME or 3rd party SDEE servers.

SDEE is enabled by default on the IPS.

To test SDEE communication, you can try the following:

https://add-ips-/cgi-bin/sdee-server/      and log in.

You shall see XML data come back.

There is no way to check this in CLI.

If you are just trying to look for events generated by IPS:

R057-4270-2# show events ?
alert          Display local system alerts.
error          Display error events.
hh:mm[:ss]     Display start time.
log            Display log events.
nac            Display NAC shun events.
past           Display events starting in the past specified time.
status         Display status events.
|              Output modifiers.

- Sid
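
A scripted form of the browser test described in the reply above, as an added example that is not part of the original thread or any Cisco tooling: it requests the /cgi-bin/sdee-server/ path from the post and reports whether XML came back. HTTP Basic authentication, the function names and the sample reply are assumptions made for illustration.

```python
import base64
import ssl
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

SDEE_PATH = "/cgi-bin/sdee-server/"  # path quoted in the post above

# Constructed stand-in for a reply; not the real SDEE schema.
SAMPLE_REPLY = b'<events xmlns="urn:example:constructed"><event id="1"/></events>'


def build_request(host, user, password):
    """GET request for the SDEE URL. Basic auth is an assumption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{SDEE_PATH}",
        headers={"Authorization": f"Basic {token}"},
    )


def classify(status, body):
    """Turn an HTTP status and body into a short health verdict."""
    if status in (401, 403):
        return "auth-failed"
    if status != 200:
        return f"http-{status}"
    # Refuse DTDs so a hostile reply cannot trigger entity expansion.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return "rejected-dtd"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "not-xml"
    return "xml:" + root.tag.rsplit("}", 1)[-1]  # strip any namespace


def check_sdee(host, user, password, cafile=None, timeout=10):
    """Query the sensor with certificate verification left on.
    Pass the sensor's certificate (or its CA) as cafile if it is not
    signed by a CA the system already trusts."""
    ctx = ssl.create_default_context(cafile=cafile)
    req = build_request(host, user, password)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, b"")
    except (urllib.error.URLError, OSError) as err:
        return f"unreachable: {err}"
```

A result of `auth-failed` means the provider answered but rejected the account, which is a different fault from `unreachable` or `not-xml`.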

