Cisco Support Community
Community Member

Log save

Hi,

I want to know how to save IPS 4260 logs.

4 REPLIES
Cisco Employee

Re: Log save

Cisco's IPS sensors allow event retrieval via the Security Device Event Exchange (SDEE) protocol.  There are many products that support this protocol.  Cisco provides a free solution called IPS Manager Express (IME).  It will retrieve signature events from Cisco IPS sensors and store them in a local MySQL database.  You can find out more about IME, and download it here:

http://www.cisco.com/go/ime

Another solution, for multiple security device log collection and incident correlation, is CS-MARS.  You can find out more about CS-MARS here:

http://www.cisco.com/go.mars

Scott

Cisco Employee

Re: Log save

Scott,

Is there any product/tool available that our customer can use to pull IPS alarms/event logs via SDEE and save them on a syslog server (Kiwi, for example)?

Thanks

Munaf

Cisco Employee

Re: Log save

Munaf;

  I am not aware of such a product.  I have heard of customers using perl scripts, and other custom solutions, to accomplish similar IPS event manipulation.

Scott

Cisco Employee

Re: Log save

I did some research. Security Information & Event Management (SIEM) solutions provide log management capabilities for Cisco IPS and CS-MARS. Sensage SIEM supports the SDEE protocol, and it can pull data from Cisco IPS and CS-MARS.

http://www.sensage.com/solutions/siem.php?expandable=1

