New Member

Monitor IPS with IEV?

Got notified that we have to upgrade our IDS 4.1 to IPS 5.0.

We currently use Cisco IEV to monitor the IDS. Can we use IEV to monitor IPS or do we need something else?

Finding info on cisco.com is like a d@mn treasure hunt.

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Monitor IPS with IEV?

Hello Tscislaw,

We went thru the same routine a few months back. Yes, you can still use IEV with IPS 5.1.x. Just go to the link http://www.cisco.com/kobayashi/sw-center/ciscosecure/ids/crypto/ --- which is the Cisco Secure Software Software Center (Downloads) page. Go to the bottom and look for the Network IDS Management/Monitoring Software section. There you will find the IDS Event Viewer (IEV) for IPS v5.x.

This version works fine with the new IPS v5.1.x software. It even has a few enhancements like a "reports tab" next to the "views" and "filter" tabs in the bottom left corner of the IEV Console.

There are two things that are different. One, the help files are the same as v4.1. Cisco is working on updating them. Second, the fields in the export file. IEV 5.1 no longer breaks out the Unix local date/time code to readable date and time columns. You need to be aware of this if you try to export the CSV to Excel. Cisco TAC has a BugTrack number for this. A human-readable date and time field will be added in IEV v5.2(6) according to them. This will help a lot in creating ad hoc reports from the export file (as a lot of people did with v4.1).

Hope this answers your question.

DF
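
For the export issue described in the answer above, an added example (not part of the original post and not Cisco code) that appends readable date and time columns to an exported CSV before it goes into Excel. The column names and sample rows are constructed assumptions, and the output is UTC, so apply your own offset if the export carries local time.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample export; the column names are assumptions, not IEV's real header.
SAMPLE_EXPORT = """sig_id,severity,src_addr,event_time
2004,low,192.0.2.10,1136073600
3030,high,192.0.2.77,1136077261000000000
5081,medium,198.51.100.4,n/a
"""

def epoch_to_utc(raw):
    """Return an aware UTC datetime for an epoch value, or None if unparseable."""
    try:
        value = int(raw.strip())
    except (AttributeError, ValueError):
        return None
    if value < 0:
        return None
    # Guess the unit from magnitude: s, ms, us, or ns since 1970-01-01.
    for limit, divisor in ((10**11, 1), (10**14, 10**3), (10**17, 10**6)):
        if value < limit:
            break
    else:
        divisor = 10**9
    try:
        return datetime.fromtimestamp(value // divisor, tz=timezone.utc)
    except (OverflowError, OSError, ValueError):
        return None

def add_readable_time(csv_text, time_column="event_time"):
    """Parse the export and add 'date' and 'time' columns next to the raw value."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        stamp = epoch_to_utc(row.get(time_column))
        # Leave the new cells empty instead of failing on a bad timestamp.
        row["date"] = stamp.strftime("%Y-%m-%d") if stamp else ""
        row["time"] = stamp.strftime("%H:%M:%S") if stamp else ""
        rows.append(row)
    return rows

def to_csv(rows):
    """Serialize the augmented rows back to CSV text for a spreadsheet."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(add_readable_time(SAMPLE_EXPORT)))
```
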

6 REPLIES
New Member

Re: Monitor IPS with IEV?

DF,

Thank you very much for the info!

Cisco Employee

Re: Monitor IPS with IEV?

Something to also keep in mind.

The new IEV 5.1 will only support version 5.0, and 5.1 sensors.

It does not support the older version 4.x sensors.

Both IEV versions may not be installed on the same machine at the same time.

So you need to plan your migration accordingly.

New Member

Re: Monitor IPS with IEV?

--- One more thing...

The signature database in IEV v5.1 is no longer stored locally. It's on-line at MySDN. This cuts out the old v4.1 process of having to install a new IEV database every time a new sig came out.

With v5.1 once you have IEV installed you only need to download the sigs for the sensor. Just remember to check for IEV updates now and then on the Cisco site.

New Member

Re: Monitor IPS with IEV?

>>...With v5.1 once you have IEV installed you only need to download the sigs for the sensor. Just remember to check for IEV updates now and then on the Cisco site....<<

That's good. One less thing to forget to do.

I get update notifications via email so looks like I'm good to go.

Thanks again for your help.

New Member

Re: Monitor IPS with IEV?

You're very welcome! And thanks for the check-mark.

... One last thing - I get the email update notifications as well, but I also make it a habit to check the website every time I check IEV for events. There have been cases where the sig or the service pack is on the website hours before the notices are emailed.
