Cisco Support Community

Gold

IPS-SM Archive Pruning File format

The Archived Pruning files from the VMS Event database contain the alerts that are pruned to keep the database a reasonable size. Each time pruning occurs a new directory is created, named after the date/time of creation such as:

01012006_061416

Within each created directory are 6 files

nids_2-0_01012006_061416.txt

nidsAttack_2-0_01012006_061416.txt

nidsAvp_2-0_01012006_061416.txt

nidsEventLog_2-0_01012006_061416.txt

nidsIp_2-0_01012006_061416.txt

nidsTrigger_2-0_01012006_061416.txt

The contents of these .txt files are in Comma Separated Value format. I need the name and definition of the columns and files, but can't find any documentation.

1 REPLY
Bronze

Re: IPS-SM Archive Pruning File format

Pruning archive files are CSV text files. They can contain the following types of data:

NIDS (Network IDS events)

Firewall (PIX Firewall and Firewall Service Module events)

CSA (CSA Host IDS events)

Audit log (System events)

You can import audit log files upgraded from the Security Monitor 1.2 database. However, in Security Monitor 2.0 or later, you can no longer archive audit log data.

Pruning archive files are created by the Pruning Daemon (IDS_DatabasePrune)

http://www.cisco.com/en/US/products/sw/cscowork/ps3991/products_user_guide_chapter09186a008059f484.html#wp220602
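The directory layout described in the question can be checked before the archives are imported or handed to an analyst. The following is an added example, not code from the original thread or from Cisco: it walks an archive root, confirms each timestamped directory holds the six files named above, and counts CSV records per file. The function names, the sample tree and its placeholder rows are constructed, and the "2-0" token is assumed to be fixed as it appears in the post.

```python
import csv
import re
import tempfile
from pathlib import Path

# File-name prefixes listed in the question. The "2-0" token is copied from the
# post; treating it as constant is an assumption.
PREFIXES = ("nids", "nidsAttack", "nidsAvp", "nidsEventLog", "nidsIp", "nidsTrigger")
STAMP_RE = re.compile(r"^\d{8}_\d{6}$")  # directory name such as 01012006_061416


def inventory(root):
    """Return {stamp: {"missing": [...], "unexpected": [...], "rows": {prefix: n}}}."""
    report = {}
    for d in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        if not STAMP_RE.match(d.name):
            continue  # not a pruning directory
        expected = {f"{p}_2-0_{d.name}.txt": p for p in PREFIXES}
        present = {f.name for f in d.iterdir() if f.is_file()}
        rows = {}
        for name, prefix in expected.items():
            if name in present:
                # csv.reader copes with quoted fields that contain commas
                with open(d / name, newline="", encoding="utf-8", errors="replace") as fh:
                    rows[prefix] = sum(1 for rec in csv.reader(fh) if rec)
        report[d.name] = {
            "missing": sorted(set(expected) - present),
            "unexpected": sorted(present - set(expected)),
            "rows": rows,
        }
    return report


def build_sample(root):
    """Constructed sample tree: one complete set and one set lacking nidsIp."""
    for stamp, skip in (("01012006_061416", None), ("01022006_061416", "nidsIp")):
        d = Path(root) / stamp
        d.mkdir()
        for p in PREFIXES:
            if p != skip:
                # Placeholder rows: the real column layout is not documented on this page.
                (d / f"{p}_2-0_{stamp}.txt").write_text('1,"a,b",x\n2,c,y\n')
    (Path(root) / "notes").mkdir()  # ignored: name is not a timestamp


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for stamp, info in inventory(tmp).items():
            print(stamp, info)
```

A directory reported with missing files is an incomplete pruning set, so alerts that were removed from the database may not be recoverable from it.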
