Cisco Support Community
Community Member

IPS Sensor Reports

Hi all,

I have a customer that is looking to create reports based on his IPS sensor logs. Can IDM or CiscoWorks VMS do this for him or will he need something more such as MARS? Any input would be appreciated.

Thanks,

Chris

5 REPLIES

Re: IPS Sensor Reports

Hi,

I guess it depends on a lot of factors, something like IEV (IPS event viewer) is free and can generate simple reports like top 10 alerts, top 10 attackers, etc, but it has to be running all the time. IDM isn't much good as although you can view the events I don't think you can generate any reports.

MARS is probably at the top end, and will certainly give you reports, but does loads more besides. (We get over a million raw events a day - without something like MARS you couldn't possibly do anything meaningful with that volume of events.)

I'd start with IEV and then look at alternatives if it doesn't meet the requirements.

HTH

Andrew.

Community Member

Re: IPS Sensor Reports

Hi,

I'm trying to download IEV but it says no files found. Is there any other place I can download IEV?

Thx in advance,

Regards,

Janakan Rajendran

Gold

Re: IPS Sensor Reports

The Security Monitor (SecMon) part of VMS 2.3 will generate IPS reports, but you have limited control of their contents. You can load it on a W2K platform and run it for 60 or 90 days with the default trial license to see if it fits your needs:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/index.html

Community Member

Re: IPS Sensor Reports

I'm running sensor software version 5. I don't believe that IEV is an option under 5.x, correct?

Gold

Re: IPS Sensor Reports

It is available for 5.x.

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-ev

There is a problem with the current readme link for the latest version though (missing a space). This link should work:

http://ftp-sj.cisco.com/cisco/crypto/3DES/ciscosecure/ids/event-viewer/IEV-5.2-1%20readme.txt
