I am new to this IDS and need an inexpensive or open source way to collect and store logs from this device. It seems the device can only store a day or two of its own logs and I need to collect 1 year. I have Red Hat Linux machines at my disposal but can use Windows devices or other forms of Linux if necessary. It would be great if I could simply have this thing log to a file on a Linux server on the LAN. I can then set up scripts to watch and create reports from the logs.
I have installed the IDM on my Windows workstation and can connect to the IDS but don't see a way to collect logs, fire email alerts or create reports. Is there something Cisco makes available (without additional purchase) for this?
To follow up on Terry's comments: Cisco does provide a free (though not open-source) solution called IPS Manager Express. The current release 7.0.3 supports monitoring up to 10 Cisco IPS sensors (including IOS IPS configured routers). IME stores collected IPS events in a local MySQL database (closed schema) and can be configured to store up to 1 million events per file, with a maximum of 400 files. Depending on event rate, this could last the one year you require. You can find out more and download IME at:
Please be aware that IME includes the ability to monitor IPS events as well as perform configuration tasks on Cisco IPS sensors. The configuration capability of IME is limited to IPS sensors running release 6.1 and higher.
If you are interested in creating your own collection process on a Linux host, Cisco's IPS sensors support event retrieval using the Security Device Event Exchange (SDEE) protocol. SDEE is an industry standard protocol and there are several open-source libraries available for use in the creation of an event collection and storage solution.
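As an added illustration of the do-it-yourself route described above (this is example code written for this thread, not Cisco's code and not any of the open-source SDEE libraries), here is a small Python collector that pulls a batch of alerts from a sensor over HTTPS, parses the SDEE XML, and appends one JSON line per alert to a file on the Linux server. The endpoint path `/cgi-bin/sdee-server`, the query parameter names, the use of HTTP basic authentication, and the namespace URIs and element layout of the response are all assumptions taken from the SDEE/CIDEE specifications and must be checked against the sensor's own documentation; the sample response embedded for the offline run is constructed.

```python
"""Minimal SDEE alert collector (added example, not Cisco's code).

Flow: sensor --HTTPS/SDEE--> parse_sdee_events() --> append_events() --> JSON-lines file.
Assumptions (verify against the sensor docs): endpoint path, parameter names,
basic auth, and the XML namespaces/elements below.
"""
import base64
import json
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Namespaces used in SDEE/CIDEE responses (assumed; confirm with a real response).
NS = {
    "env": "http://schemas.xmlsoap.org/soap/envelope/",
    "sd": "http://example.com/2003/08/sdee",
    "cid": "http://example.com/2003/08/cidee",
}


def _text(el):
    """Stripped text of an element, or None when the element is absent/empty."""
    return el.text.strip() if el is not None and el.text else None


def parse_sdee_events(xml_bytes):
    """Return one dict per sd:evIdsAlert found anywhere in the SDEE envelope."""
    root = ET.fromstring(xml_bytes)
    events = []
    for alert in root.iter("{%s}evIdsAlert" % NS["sd"]):
        sig = alert.find("sd:signature", NS)
        events.append({
            "event_id": alert.get("eventId"),
            "severity": alert.get("severity"),
            "time": _text(alert.find("sd:time", NS)),
            "sensor": _text(alert.find("sd:originator/sd:hostId", NS)),
            "sig_id": sig.get("id") if sig is not None else None,
            "sig_desc": sig.get("description") if sig is not None else None,
            "attacker": _text(alert.find("sd:participants/sd:attacker/sd:addr", NS)),
            "target": _text(alert.find("sd:participants/sd:target/sd:addr", NS)),
            "risk_rating": _text(alert.find(".//cid:riskRatingValue", NS)),
        })
    return events


def events_to_lines(events):
    """Serialise events as JSON lines so shell/awk/Python report scripts can consume them."""
    return [json.dumps(ev) for ev in events]


def append_events(events, path):
    """Append the events to a JSON-lines file; returns the number written."""
    lines = events_to_lines(events)
    with open(path, "a", encoding="utf-8") as fh:
        for line in lines:
            fh.write(line + "\n")
    return len(lines)


def sdee_request(base_url, username, password, params, cafile=None):
    """Issue one SDEE HTTP GET and return the raw XML body (bytes).

    base_url is assumed to look like https://<sensor>/cgi-bin/sdee-server.
    cafile pins the sensor's CA certificate; TLS verification stays enabled.
    """
    req = urllib.request.Request(base_url + "?" + urllib.parse.urlencode(params))
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=60) as resp:
        return resp.read()


def collect_once(base_url, username, password, subscription_id, path, cafile=None):
    """Fetch one batch of alerts for an open subscription and append them to path."""
    params = {  # parameter names assumed from the SDEE spec
        "action": "get", "subscriptionId": subscription_id,
        "events": "evIdsAlert", "maxNbrOfEvents": 100, "timeout": 30,
    }
    return append_events(parse_sdee_events(
        sdee_request(base_url, username, password, params, cafile)), path)


# Constructed sample response (documentation IP ranges, placeholder signature ids).
SAMPLE_RESPONSE = b"""<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
 <env:Body>
  <sd:events xmlns:sd="http://example.com/2003/08/sdee" xmlns:cid="http://example.com/2003/08/cidee">
   <sd:evIdsAlert eventId="1234567890" severity="high" vendor="Cisco">
    <sd:originator><sd:hostId>ids-lab-01</sd:hostId></sd:originator>
    <sd:time offset="0" timeZone="UTC">1262304000000000000</sd:time>
    <sd:signature description="Example sweep signature" id="3002" version="S1"><cid:subsigId>0</cid:subsigId></sd:signature>
    <sd:participants>
     <sd:attacker><sd:addr locality="OUT">192.0.2.10</sd:addr><sd:port>42101</sd:port></sd:attacker>
     <sd:target><sd:addr locality="IN">198.51.100.5</sd:addr><sd:port>22</sd:port></sd:target>
    </sd:participants>
    <cid:riskRatingValue targetValueRating="medium">85</cid:riskRatingValue>
   </sd:evIdsAlert>
   <sd:evIdsAlert eventId="1234567891" severity="low" vendor="Cisco">
    <sd:originator><sd:hostId>ids-lab-01</sd:hostId></sd:originator>
    <sd:time offset="0" timeZone="UTC">1262304060000000000</sd:time>
    <sd:signature description="Example informational signature" id="1000" version="S1"><cid:subsigId>0</cid:subsigId></sd:signature>
    <sd:participants>
     <sd:attacker><sd:addr locality="OUT">192.0.2.11</sd:addr></sd:attacker>
     <sd:target><sd:addr locality="IN">198.51.100.6</sd:addr></sd:target>
    </sd:participants>
    <cid:riskRatingValue targetValueRating="medium">20</cid:riskRatingValue>
   </sd:evIdsAlert>
  </sd:events>
 </env:Body>
</env:Envelope>"""

if __name__ == "__main__":
    for line in events_to_lines(parse_sdee_events(SAMPLE_RESPONSE)):
        print(line)
```

Run `collect_once()` from cron every few minutes with a subscription opened once against the sensor, pointing `path` at a date-stamped file such as `/var/log/ips/alerts-YYYY-MM-DD.jsonl`; logrotate (or a daily file name) then gives the one-year retention, and the JSON-lines format is easy for the reporting scripts to grep or load.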
For email alerts you can use IPS Manager Express (http://www.cisco.com/en/US/products/ps9610/index.html). I believe it will manage up to 10 IPS sensors.