I'm new to the IPS/ASA and looking for more information on IPS event log monitoring. I have the VMS software and I am looking into configuring a syslog server to capture events. We are a fairly small network (50-60 nodes) with only 3-4 Cisco devices on the system. Do I need a dedicated syslog machine? What metrics do you look at when assigning machine roles?
With only 4 devices, you could use your workstation as the syslog server, but that depends on how your network is being monitored. In a 24x7 operations center, you would definitely need a dedicated server, but if you alone are responsible, logging to your workstation should be sufficient.
Not sure what you mean by metrics, but regarding configuring traps and events on the IPS, have a look at this document:
Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1