Is it possible for SSM-20 to stream to syslog?

Answered Question
Feb 2nd, 2014

Hi everyone,


Is it possible for SSM-20 to stream to syslog? I can't find any mention in the documentation on how to configure this.


The objective is simple: all SSM-20 generated events are sent to syslog using the good old UDP method.


Then the syslog server will do some data mining; FYI: I am using Manage Engine's product which has produced great results with other Cisco devices.


If the SSM-20 CAN NOT stream to syslog directly what ideas do you have in order to get those events pushed to syslog? Could the ASA be used as a proxy?


Thank you

~B

rhermes Mon, 02/03/2014 - 10:40

None of the Cisco IPS sensors can generate syslog messages for signature events.

You can configure an SDEE client to pull events off the sensor, or you can set the action on ALL your signatures to generate an SNMP Trap for the signature event.


- Bob
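For the goal stated in the question (plain UDP syslog into the collector), the missing piece after either workaround above is a small relay that re-emits each alert as an RFC 3164 message. The sketch below is an added example, not part of the original thread or any Cisco tooling; it assumes the alert has already been decoded from SDEE or an SNMP trap into a dict, and the field names, tag `ips-relay` and sample values are constructed.

```python
import socket
from datetime import datetime

FACILITY_LOCAL4 = 20                       # RFC 3164 facility number
SEVERITY = {"high": 2, "medium": 4, "low": 5, "informational": 6}
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
MAX_LEN = 1024                             # RFC 3164 packet size limit

def clean(value):
    """Blank out control characters and quotes: alert fields can carry
    attacker-supplied bytes that would otherwise forge extra log lines."""
    text = str(value).replace('"', "'")
    return "".join(c if c.isprintable() else " " for c in text)

def to_syslog(event, hostname):
    """Build one RFC 3164 datagram from an already-decoded alert dict."""
    pri = FACILITY_LOCAL4 * 8 + SEVERITY.get(event.get("severity"), 5)
    ts = event["time"]
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with a space-padded day.
    stamp = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S}"
    body = " ".join(f'{k}="{clean(v)}"' for k, v in event.items() if k != "time")
    msg = f"<{pri}>{stamp} {clean(hostname)} ips-relay: {body}"
    return msg.encode("ascii", "replace")[:MAX_LEN]

def relay(events, hostname, collector):
    """Send each alert to collector=(host, port) over UDP; return count sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for ev in events:
            sock.sendto(to_syslog(ev, hostname), collector)
    return len(events)

# Constructed sample alerts (hypothetical field names, documentation addresses).
SAMPLE = [
    {"time": datetime(2014, 2, 3, 10, 40, 0), "severity": "high",
     "sig_id": 1000, "sig_name": "constructed sample signature",
     "attacker": "192.0.2.10", "target": "198.51.100.5"},
    {"time": datetime(2014, 2, 14, 23, 5, 9), "severity": "low",
     "sig_id": 1001, "sig_name": "bad\nname <0>forged line",
     "attacker": "192.0.2.11", "target": "198.51.100.5"},
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(to_syslog(ev, "ssm20").decode())
```

Call `relay(SAMPLE, "ssm20", (collector_ip, 514))` with your own collector address to send the datagrams.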

bbiandov Mon, 02/03/2014 - 13:37

Thanks Bob;


How about a workaround; I am fishing for this since SDEE won't be optimal for me.


Is it possible for the IPS SSM to send all notifications to the ASA as console broadcasts and from there I know the ASA can easily do syslog?


Thanks

~B

Correct Answer
rhermes Mon, 02/03/2014 - 14:13

No, you can't send events to the ASA.

SNMP Traps was the workaround. There is no syslog for signature events on Cisco IPS Sensors.

Now if you want to wait till you get a Sourcefire image running on a 5500-X platform, THEN you can get syslogs. (beta starts in the spring)


- Bob

bbiandov Tue, 02/04/2014 - 19:15

Not a chance with my bare metal but good to know, thanks Bob


Sent from Cisco Technical Support Android App
