Just finished researching options concerning the AIP-SSM-20 module and am now at a dead end. I understand that there is no option for syslog or email alerts. SNMP apparently is only for critical device-related alerts. The thing is, I am desperate to find a way to forward logs from the IPS, which I can view via the ASDM event viewer, to a central log server. Is this possible via some scripting or a third-party application?
Cisco's IPS sensors support event retrieval via the Security Device Event Exchange (SDEE) protocol. There are several products that support this protocol (Cisco IPS Manager Express [IME] is a free option, CS-MARS, and other third-party solutions). IME and CS-MARS can be configured to generate email alerts for signature events.
You can enable the sensor to generate an SNMP trap for specific signatures, but do understand that the detail in trap-based signature events is less than that provided via SDEE. You need to enable the sensor to generate detailed traps for alerts, and then assign the 'Request SNMP Trap' action to the signatures of interest (or assign it to a range of risk ratings via an event action override (EAO)). This option is not recommended as an action to be assigned to all signatures on the sensor.
While on this topic, we've hacked together something that does a half-decent job of polling events from the IDS through SDEE in query mode. So we hit the IDS every 15 seconds and ask for the events since the last event. Then we log these events and fire off suitable alerts as needed. This is all fine; however, the "events retrieval" flag in the sensor health metrics is always critical, as if we had never retrieved the events. So I realize I can turn that sensor health metric off, but the question is, why doesn't it mark the events as read?
Also, how can I get a copy of the SDEE Specification as mentioned in the Reference documents of this note:
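As an added example (not code from this thread, and not Cisco's code), here is the kind of SDEE poller the two posts above describe: it parses the XML a sensor returns for evIdsAlert events, keeps only events newer than the last one forwarded, and turns each into a syslog line with a PRI header that a central log server will accept. The SAMPLE_RESPONSE is constructed by hand, not captured from a sensor; the SDEE CGI path and parameter names, the nanosecond epoch encoding of sd:time, and the IPS-severity-to-syslog-severity mapping are assumptions to verify against your own sensor's output.

```python
"""SDEE poller skeleton: parse Cisco IPS evIdsAlert XML and emit syslog lines.

Added example, not code from the original thread. SAMPLE_RESPONSE below is
constructed by hand; items marked ASSUMPTION should be checked against a
real sensor before relying on them.
"""
import socket
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlencode

SD = "{http://example.com/sdee}"    # SDEE namespace (ASSUMPTION: matches your sensor)
CID = "{http://example.com/cidee}"  # Cisco IDS event extensions (ASSUMPTION)

FACILITY_LOCAL0 = 16  # RFC 3164 facility local0; PRI = facility * 8 + severity
SEVERITY_MAP = {"high": 2, "medium": 4, "low": 5, "informational": 6}  # ASSUMPTION: our mapping

# Constructed sample of a subscription "get" response carrying two alerts (not real sensor output).
SAMPLE_RESPONSE = """<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
 <env:Body>
  <sd:events xmlns:sd="http://example.com/sdee" xmlns:cid="http://example.com/cidee">
   <sd:subscriptionId>sub-1</sd:subscriptionId>
   <sd:evIdsAlert eventId="1216843200000000002" vendor="Cisco" severity="medium">
    <sd:originator><sd:hostId>aip-ssm-20</sd:hostId></sd:originator>
    <sd:time offset="0" timeZone="UTC">1216843200000000000</sd:time>
    <sd:signature description="ICMP Echo Request" id="2004" version="S1"><cid:subsigId>0</cid:subsigId></sd:signature>
    <sd:participants>
     <sd:attacker><sd:addr locality="OUT">198.51.100.7</sd:addr></sd:attacker>
     <sd:target><sd:addr locality="IN">192.0.2.10</sd:addr></sd:target>
    </sd:participants>
    <cid:riskRatingValue targetValueRating="medium">55</cid:riskRatingValue>
    <cid:protocol>icmp</cid:protocol>
   </sd:evIdsAlert>
   <sd:evIdsAlert eventId="1216843200000000001" vendor="Cisco" severity="high">
    <sd:originator><sd:hostId>aip-ssm-20</sd:hostId></sd:originator>
    <sd:time offset="0" timeZone="UTC">1216843200000000000</sd:time>
    <sd:signature description="TCP SYN Port Sweep" id="3002" version="S1"><cid:subsigId>0</cid:subsigId></sd:signature>
    <sd:participants>
     <sd:attacker><sd:addr locality="OUT">203.0.113.5</sd:addr><sd:port>40000</sd:port></sd:attacker>
     <sd:target><sd:addr locality="IN">192.0.2.10</sd:addr><sd:port>80</sd:port></sd:target>
    </sd:participants>
    <cid:riskRatingValue targetValueRating="medium">85</cid:riskRatingValue>
    <cid:protocol>tcp</cid:protocol>
   </sd:evIdsAlert>
  </sd:events>
 </env:Body>
</env:Envelope>"""


def sdee_url(sensor, action, **params):
    """Build a request URL for the sensor's SDEE CGI.
    ASSUMPTION: path and parameter names (action=open|get|close|query, events=evIdsAlert,
    subscriptionId, timeout, ...) follow Cisco's SDEE interface; verify on your sensor."""
    return f"https://{sensor}/cgi-bin/sdee-server?{urlencode({'action': action, **params})}"


def _text(el):
    return el.text.strip() if el is not None and el.text else ""


def _sdee_time(raw):
    """sd:time is nanoseconds since the Unix epoch (ASSUMPTION); render as ISO 8601 UTC."""
    if not raw:
        return ""
    return datetime.fromtimestamp(int(raw) // 10**9, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def _endpoint(node):
    """addr[:port] for an sd:attacker / sd:target node; port is optional (e.g. ICMP)."""
    if node is None:
        return ""
    addr, port = _text(node.find(SD + "addr")), _text(node.find(SD + "port"))
    return f"{addr}:{port}" if port else addr


def parse_alerts(xml_text):
    """Return one flat dict per sd:evIdsAlert in an SDEE response body."""
    alerts = []
    for ev in ET.fromstring(xml_text).iter(SD + "evIdsAlert"):
        sig = ev.find(SD + "signature")
        alerts.append({
            "event_id": ev.get("eventId", "0"),
            "severity": ev.get("severity", "informational"),
            "sensor": _text(ev.find(f"{SD}originator/{SD}hostId")),
            "time": _sdee_time(_text(ev.find(SD + "time"))),
            "sig_id": sig.get("id", "") if sig is not None else "",
            "subsig_id": _text(sig.find(CID + "subsigId")) if sig is not None else "",
            "description": sig.get("description", "") if sig is not None else "",
            "src": _endpoint(ev.find(f"{SD}participants/{SD}attacker")),
            "dst": _endpoint(ev.find(f"{SD}participants/{SD}target")),
            "risk_rating": _text(ev.find(CID + "riskRatingValue")),
            "protocol": _text(ev.find(CID + "protocol")),
        })
    return alerts


def new_alerts(alerts, last_event_id):
    """Keep only alerts newer than the watermark, oldest first, and return the new watermark.
    ASSUMPTION: eventId is a monotonically increasing integer on the sensor."""
    fresh = sorted((a for a in alerts if int(a["event_id"]) > last_event_id), key=lambda a: int(a["event_id"]))
    return fresh, max([last_event_id] + [int(a["event_id"]) for a in fresh])


def syslog_line(a):
    """One syslog-style line per alert: <PRI>timestamp host tag: key=value fields."""
    pri = FACILITY_LOCAL0 * 8 + SEVERITY_MAP.get(a["severity"], 6)
    msg = (f'sig={a["sig_id"]}/{a["subsig_id"]} sev={a["severity"]} rr={a["risk_rating"]} '
           f'proto={a["protocol"]} src={a["src"]} dst={a["dst"]} eventId={a["event_id"]} desc="{a["description"]}"')
    return f'<{pri}>{a["time"]} {a["sensor"]} cisco-ips: {msg}'


def forward_udp(lines, collector, port=514):
    """Ship formatted lines to a syslog collector over UDP (not exercised offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), (collector, port))


if __name__ == "__main__":
    # Offline demo on the constructed sample. A real loop would fetch
    # sdee_url(sensor, "get", subscriptionId=sub_id, timeout=15) each cycle and persist the watermark.
    fresh, watermark = new_alerts(parse_alerts(SAMPLE_RESPONSE), 0)
    for alert in fresh:
        print(syslog_line(alert))
    print("watermark:", watermark)
```

Persist the watermark between runs so a restart of the poller does not re-forward the whole backlog, and treat the sensor's HTTPS certificate as you would any other management-plane endpoint rather than disabling verification in the fetch.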