Cisco Support Community
New Member

cisco asa 5585 syslog options for ips?

We have a Cisco ASA 5585 with a separate module for IPS. I want to know what the options are for configuring syslog. It's nearly impossible to find, and there are some forums on the internet which say that Cisco IPS stores logs in a native/proprietary format and cannot be exported.

Please elaborate

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Some sensor-related events generate syslog messages. Those will be forwarded according to the parent ASA syslog settings.

Detailed IPS events (signature triggers, actions, etc.) are stored locally and must be retrieved using the SDEE protocol (TCP-based). That requires use of a management system like Cisco Security Manager (CSM), IPS Manager Express (IME), etc. There is a good document here that explains SDEE in more detail.

2 REPLIES
New Member

Hi Marvin,

Do you know which sensor-related events generate syslog messages?

I have a few other questions in regards to IME and such if you are interested:

https://supportforums.cisco.com/discussion/12306116/cisco-ips-logging-options-sdee-ime-archiving

 

Thanks in advance
