Based on the following post, cisco IPS' can send basic syslog messages: https://supportforums.cisco.com/discussion/12180461/cisco-asa-5585-syslog-options-ips
Does anyone know which messages are sent via syslog?
Also, I understand the Cisco IME can be used to retrieve SDEE logs. I understand it can archive files. I need to make sure the logs are archived, and kept for at least a year. My concern for Cisco IME is that I won't know if the IME application fails or not. I believe it needs to be running in order for it to retrieve the SDEE logs.
Also, if the max number of archived files ever hits, is it possible to move old files to another folder? And then move those files back when they need to be viewed in the IME?
I am also hitting a deadend when it comes to finding alternatives for logging SDEE events. Splunk used to have a tool that could do this. But it is now deprecated. Anyone aware of any good SDEE retrival tools?
There are very few IPS-related syslog messages generated - primarily health of the overall sensor device or platform. Anything useful as far as actual IPS intrusion events, attempts etc. will only be available on the legacy Cisco IPS platforms via SDEE.
Cisco IME (free, limited number of managed devices, runs on a PC without any real archiving etc.) is the least cost option to retrieve and display the events.
Stepping up in the Cisco offerings would be to use Cisco Security Manager. It does archiving, hierarchical storage etc. However it's days are numbered as Cisco revamps both the IPS and traditional ASA features to account for both their development of CX-related products (including IPS) and the SourceFire product line. I don't now that I'd recommend CSM for a new buy.
If you have existing Cisco IPS and really need to archive the SDEE-retrieved events, then you could use LogRhythm or such as noted in the earlier reply.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :