New Member

IDIOM or SDEE

What determines whether the alarm type is collected by secmon as IDIOM or SDEE?

I have some Version 5.1(1p1)S222.0 sensors that appear under alarm type IDIOM and some Version 5.1(1p1)S222.0 sensors that show up as SDEE on the SecMon 2.2 console.

How do you configure the alarm type for a sensor?

Thanks in advance.

1 REPLY
New Member

Re: IDIOM or SDEE

There is a big difference in the way vms2.3 fetches the events from a v4 sensor as compared with a v5 sensor.

Version 4 uses

last request method = GET

last request URI = cgi-bin/event-server

The signature part that contains the subsigid looks like this:

Netsky.AB .pif

Version 5 uses

last request method = GET

last request URI = cgi-bin/sdee-server

The signature part that contains the subsigid looks like this:

-

9

Is this configurable?

Are alerts that come from v5 sensor stored in both the sdee server as well as the event server?

The issue that I have is that the sub signature is not reported correctly on the console of SecMon for an SDEE event, and as a workaround I would like to revert to using the event server.
