MARS and IME both use the 'pull' event architecture to retrive events from IPS devices, and as already answered both can 'pull' events from the same IPS device simultaneously without any issues (except the performance lag). IME will store events in its MSDE database and MARS has its own oracle database (which can be archived using unix NFS). IME is limited to 10 sensors tough.
Ok, so do I understand correctly that there is no way to have IDSM send its logs out to a generic log server? I undersatd SDEE and the "pulling" of events from IDSM. Is there no way to have IDSM push? Maybe via syslog rather than SDEE?
You are correct, the IPS does not support syslog reporting. You can enable SNMP traps on a per signature basis tough. But once has to be careful not to over whelm the IPS Cpu/memory resources in doing so.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...