IDS Log analysis

kleem (Cisco Employee) Tue, 06/18/2002 - 05:50

I am not familiar with how the Private-I tool operates; you may want to refer to their documentation about what it expects as input. Meanwhile, you ought to be able to 'cat log.* > ids.log' in the directory with the logs (on a Unix host) or 'FOR %f IN (log.*) DO type %f >> ids.log' from the command prompt on a Windows host to combine all the log.date files into one file.
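
A fuller version of the Unix merge described in the post above, as an added example that is not part of the original reply: it assumes the sensor log files are named log.<date> with the date in YYYYMMDD form (so lexical order equals chronological order), sorts the names explicitly rather than trusting the shell's glob order, and refuses to run if the output file already exists, which is the way the Windows '>>' variant quietly duplicates alarms when it is re-run. The sample log lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): merge per-day IDS log files
# named log.<date> (assumed YYYYMMDD, so sort order is chronological) into one
# file, without clobbering or double-appending an existing output file.
set -eu

# merge_ids_logs DIR OUT
#   Concatenates DIR/log.* into OUT in sorted (chronological) order and prints
#   the number of lines written. Returns 1 if OUT already exists.
merge_ids_logs() {
    dir=$1
    out=$2
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing $out (delete it first)" >&2
        return 1
    fi
    # Explicit sort so the order does not depend on the shell's glob ordering.
    ls "$dir" | grep '^log\.' | sort | while read -r f; do
        cat "$dir/$f"
    done > "$out"
    wc -l < "$out" | tr -d ' '
}

# make_sample
#   Creates a temp directory holding three constructed daily logs (two alarm
#   lines each) and prints its path. The content is invented for this example.
make_sample() {
    d=$(mktemp -d)
    printf '2002-06-16 alarm A\n2002-06-16 alarm B\n' > "$d/log.20020616"
    printf '2002-06-17 alarm C\n2002-06-17 alarm D\n' > "$d/log.20020617"
    printf '2002-06-18 alarm E\n2002-06-18 alarm F\n' > "$d/log.20020618"
    echo "$d"
}
```

Usage: `d=$(make_sample); merge_ids_logs "$d" "$d/ids.log"` prints 6 and leaves `ids.log` with the three days in order; running it a second time against the same output fails instead of appending the same alarms again.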

kleem (Cisco Employee) Wed, 06/19/2002 - 05:02

Use the Cisco IDS management application (CSPM) to receive/view alarms and create reports. CSPM communicates directly with the Sensors so that events are received in "real-time", avoiding the delay created by ftping the files periodically. Cisco does not have a separate tool which pulls in log files and analyzes them. Some of our partners, which are consumers of our alarm data, may have such a tool, but most of them take a direct feed like CSPM.
