Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IDS 4125 , web interface access, CLI access, monitoring

I knew that we can use ciscowork 2000 to monitor IDS.

1- But can I use Cisco security agent to monitor IDS as well ?

2- Are there any other software for monitoring IDS beside ciscowork 2000 ?

3- Does IDS 4125 itself have web interface for monitoring ?

4- We have got IDS 4125 at work (production line), I tried to access it through web interfaces, I tried all of these without any success:

https(with s)://192.168.x.x,and https(with s)://192.168.x.x:443, http(without s)://192.168.x.x, I could not, then I tried to access it through console without any success.

I can telent to it.

Regards

Regards

6 REPLIES
New Member

Re: IDS 4125 , web interface access, CLI access, monitoring

Any help or comment ?

Thanks

Gold

Re: IDS 4125 , web interface access, CLI access, monitoring

1) No. CSA is a host based IDS. Do you mean Cisco Security Manager? I'm not positive, but I don't think the CSM supports event monitoring like the old CiscoWorks/VMS did.

http://www.cisco.com/en/US/customer/products/ps6498/products_data_sheet0900aecd803ffd5c.html

2)Here are the Cisco tools:

IDS Event Viewer (free): http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev

CSMARS: http://www.cisco.com/en/US/products/ps6241/index.html

CiscoWorks SIM(netforensics): http://www.cisco.com/en/US/products/sw/cscowork/ps5209/index.html

Otherwise, just do a google search for "Security Event Management" or similar. The Cisco IDS/IPS has enough market share that most vendors support them.

3) I'm not familiar with that model. Do you mean 4215? The 5.x version has an event monitoring web interface. I don't remember if the 4.x code does.

4) By default, the 5.x sensor will be listening on tcp port 443 for https connections and tcp port 22 for ssh connections. telnet is disabled by default. These can all be modified though.

New Member

Re: IDS 4125 , web interface access, CLI access, monitoring

[cut]

CSA is a host based IDS

[/cut]

I see

[cut]

Do you mean Cisco Security Manager

[/cut]

i menat Cisco Security Agent (CSA) not Manager

[cut]

IDS Event Viewer (free)

[/cut]

no it is not free unfortunatly

[cut]

I'm not familiar with that model. Do you mean 4215?

[/cut]

yes, my mistake, sorry.

[cut]

I don't remember if the 4.x code does.

[/cut]

Yes we have got 4.1(1)S47 not 5

Gold

Re: IDS 4125 , web interface access, CLI access, monitoring

[cut]

IDS Event Viewer (free)

[/cut]

no it is not free unfortunatly

How is it "not free"? You probably have to have a valid contract for an IPS device, but otherwise isn't it free? I know I've downloaded it and used it without giving anyone money;-)

New Member

Re: IDS 4125 , web interface access, CLI access, monitoring

Could you please send me an email how to configure that ?

Regards

zillah

forwardtruth@yahoo.com

Cisco Employee

Re: IDS 4125 , web interface access, CLI access, monitoring

IEV is available for "no additional charge" for users with an Cisco Services for IPS maintenance contract on their sensors.

So it is not technically free; it is already included in the base costs of the sensor and maintenance contracts.

Latest IEV for 5.x sensors is version 5.2(1):

http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev

Latest IEV for 4.x sensors is version 4.1(1):

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-ev

(Note: the 4.1(1) IEV is no longer being updated as signature support for version 4.x sensors has ended.)

399
Views
0
Helpful
6
Replies
CreatePlease to create content