ASA WITH AIP-SSM10 how else to log Alerts

Patrick.Beaven · ‎09-11-2007

I just setup an ASA 5510 with the SSM10 module installed and specified to the inspect all traffic I have tested it by doing some port scans and then showing alerts and it seems to be working fine at this point. I setup the trap notifications to a syslog server that can receive them but of course you get the normal MIB oid 1.3.6 etc etc instead of any useful notification. What packages can read & break down this info into readable info and is there any way to make the IPS module log this info as a syslog entry instead of using snmp? I dont have the resources of a MARS appliance to break down the oids and dont want to do it myself. Is there any other cisco pkgs or open-source packages that will do this?

Any help is Appreciated!

marcabal · ‎09-11-2007

The sensor software does not currently support being able to send the alerts in a syslog format.

Cisco does offer the IPS Event Viewer (IEV) at no extra charge when you have a Cisco Service for IPS maintenance contract on your sensor. You need the contract for loading new signature updates anyway, so it won't cause you any additional money.

The IEV is able to pull events from the sensor in their native SDEE format and provide you a graphical interface for viewing and reporting on the alerts.

http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev