Configure ASA-SSM-10 for Syslog

Rohit Shetty · ‎03-06-2012

How to configure syslog on the following IPS module ?

I need to send logs from this sensor

Platform: ASA-SSM-10
Build Version: 7.0(4)E4

Os Version: 2.4.30-IDS-smp-bigphys
Can anybody advise me on this.

Regards,
Rohit

svaish · ‎03-07-2012

Do you need the syslogs to be sent or the Events.

IPS sensors do not support syslog forwarding.  Syslog is fairly
restrictive in size of messages and is not secure or reliable.

sensor does support sending of events using SNMP
(again with the same sets of restrictions:  not full data, clear text,
not reliable).

There is a physical ability to send events as traps.  It isn't
recommended for many reasons (or lets say it isn't recommended in the
same way that monitoring using SDEE is).  SNMP trap receivers generally
aren't built to handle, say 200 events per second per device.  The
sensor isn't capable of sending at the same event rate as it is with
SDEE.  The traps are in clear text and are not reliably sent.  They
don't contain the same amount of info as an SDEE event, and can't.

If you need the events to be sent to a database you can run cisco IME which can collect all the events generated by the IPS.

Hope this helps.

Sachin

networks · ‎07-10-2014

Hi Sachin,

Can you confirm , is this still valid ?

IPS sensors do not support syslog forwarding