New Member

how to get IDSM-2 log file

Hi, we have an IDSM-2 installed in a Cat 6500 system. Does anyone know how to get the IDSM-2 syslog file, and how to configure it to send logs to a syslog server? I know these two questions are pretty simple, but I have not found answers yet.

Any help would be greatly appreciated.

3 ACCEPTED SOLUTIONS

New Member

Re: how to get IDSM-2 log file

You can get events from the IDSM in SDEE format. Use IPS Manager or another tool to collect these logs.

Gold

Re: how to get IDSM-2 log file

To expand on what tsippa said, the Cisco IPS sensors do not have a syslog output. The standard way to get events off the sensor is via an SDEE feed. You can also set each signature to issue an SNMP trap when it fires, but this must be done on a signature-by-signature basis.

New Member

Re: how to get IDSM-2 log file

Using traps is possible, but the per-signature basis is not the only way. You may use event action overrides to activate traps on all signatures or according to risk rating.


New Member

Re: how to get IDSM-2 log file

Thanks a lot for all of the great help.
