Cisco Support Community
New Member

Getting log data out of IPS 4240

We installed an IPS 4240 on our customer's network a few months ago. We had great expectations for it during the installation, thinking that it would be alerting us to potentially suspicious activity any time any potential intruder tried to do anything suspicious on our network.

We can see where the device is useful with respect to seeing bogus signatures and then logging some data (capturing frames) in its IP Logging feature.

It is also useful in its "Events" tab as one can drill down to specific time periods...

But what I really want is for it to:

1) Send syslog data to our Log Collection host, and 2) Send Alerts when these suspicious activities are detected so that an IT Admin knows what is going on and can react to them...

Is there a way to configure this?

2 REPLIES
Silver

Re: Getting log data out of IPS 4240

Review the sensor config, interface setup, running config, etc.

Gold

Re: Getting log data out of IPS 4240

You probably should have looked into this before purchasing a 4240 ;-)

Cisco IDS/IPS sensor appliances do not currently support sending alerts via syslog or SNMP traps. Events are generally collected from Cisco IDS/IPS sensors using RDEP or SDEE. Here's a Perl module that might work (I've never used it):

http://search.cpan.org/~jminieri/Net-SDEE-0.01/lib/Net/SDEE.pm
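Added example, not part of the original thread and not code from Cisco or the Net::SDEE author: a sketch of the relay step the question asks for, turning alerts already pulled over SDEE into syslog lines for a log collection host. The XML namespace and element names are assumptions modelled on SDEE `evIdsAlert` documents, the sample is constructed, and the `sdee-bridge` app name, local4 facility, severity mapping and collector address are hypothetical choices.

```python
import socket
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"sd": "http://example.org/2003/08/sdee"}  # assumed SDEE namespace
SEVERITY = {"high": 2, "medium": 4, "low": 5, "informational": 6}  # example mapping
FACILITY_LOCAL4 = 20

# Constructed sample document, not captured from a real sensor.
SAMPLE = """<sd:events xmlns:sd="http://example.org/2003/08/sdee">
  <sd:evIdsAlert eventId="1001" severity="high">
    <sd:originator><sd:hostId>ips4240</sd:hostId></sd:originator>
    <sd:time>1200000000000000000</sd:time>
    <sd:signature id="2004" description="ICMP Echo Request"/>
    <sd:participants>
      <sd:attacker><sd:addr>192.0.2.10</sd:addr></sd:attacker>
      <sd:target><sd:addr>198.51.100.5</sd:addr></sd:target>
    </sd:participants>
  </sd:evIdsAlert>
</sd:events>"""

def clean(value):
    # Sensor-supplied text lands in a log line: neutralise control characters and quotes.
    text = value if value else "-"
    return "".join(c if c.isprintable() and c != '"' else "?" for c in text)

def alerts_to_syslog(xml_text):
    """Return one RFC 5424-style line per evIdsAlert in the document."""
    lines = []
    for alert in ET.fromstring(xml_text).iterfind("sd:evIdsAlert", NS):
        pri = FACILITY_LOCAL4 * 8 + SEVERITY.get(alert.get("severity"), 5)
        nanos = int(alert.findtext("sd:time", "0", NS))  # nanoseconds since epoch
        ts = datetime.fromtimestamp(nanos // 10**9, tz=timezone.utc)
        sig = alert.find("sd:signature", NS)
        sig_id, desc = (sig.get("id"), sig.get("description")) if sig is not None else (None, None)
        host = clean(alert.findtext("sd:originator/sd:hostId", None, NS))
        src = clean(alert.findtext("sd:participants/sd:attacker/sd:addr", None, NS))
        dst = clean(alert.findtext("sd:participants/sd:target/sd:addr", None, NS))
        lines.append(f'<{pri}>1 {ts:%Y-%m-%dT%H:%M:%SZ} {host} sdee-bridge - '
                     f'{clean(alert.get("eventId"))} - sig={clean(sig_id)} '
                     f'desc="{clean(desc)}" src={src} dst={dst}')
    return lines

def send(lines, collector=("192.0.2.50", 514)):  # placeholder collector address
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for line in lines:
            s.sendto(line.encode("utf-8"), collector)
```

Fetching the events from the sensor (the SDEE HTTP subscription itself) is left to an SDEE client; this block covers only parsing and relaying.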
