Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Event retrieval

Hi,

i am running a network having 30 IPS (which indcludes SSM20s, IDSMs and IPS 44XX).

i dont have mars device. Is there any way to retrieve events from all the IPS to one central location using csmanager ??

or is there any freeware that can do the job.

Thanks in advance

3 REPLIES
Gold

Re: Event retrieval

CSM doesn't collect events, it can only be used to manage the signatures and configurations on your sensors. To collect events you'll need a SIM like MARS, NetForenisics, Intelitactics that has an SDEE (version 7.x has a newer protocol that is backards compatible with SDEE, I forget it's name) listener.

There were some open source pieces you could try to put together yourself, but nothing I know of that is preassembled.

Alternately, you could option all your enabled signatures to fire off an SNMP trap and collect those with a free SNMP receiver.

New Member

Re: Event retrieval

Thanks for the reply.

i tried receiving events with an CA`s snmp receiver but the events i m receiving are not readable ..

can u sugggests any receiver.

New Member

Re: Event retrieval

You may use OpenNMS as free traps receiver.

201
Views
0
Helpful
3
Replies
CreatePlease to create content