Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configure ASA-SSM-10 for Syslog

How to configure syslog on the following IPS module ?

I need to send logs from this sensor

Platform: ASA-SSM-10
Build Version: 7.0(4)E4

Os Version: 2.4.30-IDS-smp-bigphys
Can anybody advise me on this.

Regards,
Rohit

Everyone's tags (1)
2 REPLIES
New Member

Configure ASA-SSM-10 for Syslog

Do you need the syslogs to be sent or the Events.

IPS sensors do not support syslog forwarding.  Syslog is fairly
restrictive in size of messages and is not secure or reliable.

sensor does support sending of events using SNMP
(again with the same sets of restrictions:  not full data, clear text,
not reliable).

There is a physical ability to send events as traps.  It isn't
recommended for many reasons (or lets say it isn't recommended in the
same way that monitoring using SDEE is).  SNMP trap receivers generally
aren't built to handle, say 200 events per second per device.  The
sensor isn't capable of sending at the same event rate as it is with
SDEE.  The traps are in clear text and are not reliably sent.  They
don't contain the same amount of info as an SDEE event, and can't.

If you need the events to  be sent to a database you can run cisco IME which can collect all the events generated by the IPS.

Hope this helps.

Sachin

New Member

 

 

Hi Sachin,

 

Can you confirm , is this still valid ?

IPS sensors do not support syslog forwarding

 

2311
Views
0
Helpful
2
Replies
CreatePlease login to create content