IPS-SM Archive Pruning File format

rhermes
Level 7

The Archived Pruning files from the VMS Event database contain the alerts that are pruned to keep the database a reasonable size. Each time pruning occurs a new directory is created, named after the date/time of creation such as:

01012006_061416

Within each created directory are 6 files:

nids_2-0_01012006_061416.txt

nidsAttack_2-0_01012006_061416.txt

nidsAvp_2-0_01012006_061416.txt

nidsEventLog_2-0_01012006_061416.txt

nidsIp_2-0_01012006_061416.txt

nidsTrigger_2-0_01012006_061416.txt

The contents of these .txt files are in Comma Separated Value format. I need the name and definition of the columns and files, but can't find any documentation.


pradeepde
Level 5

Pruning archive files are CSV text files. They can contain the following types of data:

NIDS (Network IDS events)

Firewall (PIX Firewall and Firewall Service Module events)

CSA (CSA Host IDS events)

Audit log (System events)

You can import audit log files upgraded from the Security Monitor 1.2 database. However, in Security Monitor 2.0 or later, you can no longer archive audit log data.

Pruning archive files are created by the Pruning Daemon (IDS_DatabasePrune)

http://www.cisco.com/en/US/products/sw/cscowork/ps3991/products_user_guide_chapter09186a008059f484.html#wp220602
