I have a ASA-SSM-20 with ver 7.0.(1 )installed on a ASA5520. I manage it with IME 7.0.1. With IME you can view event using event monitoring and disply also historic event. Does someone knows if this event are stored on SSM module or on the IME Database (on local PC) ? There is the possibility to manage the Max size of the event monitored and archive them ? This event can be sent by the SSM module using syslog messages ?
Signature alerts are transfered from the AIP-SSM module to your PC running IME and the alerts are achived in a local PC database. The events will persist in a circular buffer on the AIM-SSM module for a short peroid of time, untill they are overwritten. You can not configure the size of the AIP-SSM event store.
You can not send Syslogs for any alerts or events from the sensor. SNMP traps are spported, but you have to set that action on a signature by signature basis.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...