Silver

Viewing IPS Real Time Events From Multiple IPS Devices

What's the best strategy for viewing IPS real time events from multiple IPS devices now that VMS has been made EOL?

There was a nice single view of all IPS events from all IPS devices being managed in VMS and I was wondering where I can tell people to go to receive the same information about their networks. I don't see it in CSM and I don't think they'll find it in MARS. Please advise and correct me if I am wrong. Thanks!

1 ACCEPTED SOLUTION

Silver

Re: Viewing IPS Real Time Events From Multiple IPS Devices

You can use IEV. This is an event viewer which has a real-time dashboard also. You can import multiple sensors into it and view the events real-time.

Link for IEV for 5.x versions:

http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev

Link for IEV for 4.x versions:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-ev

Regards,

Vibhor.

11 REPLIES
Silver

Re: Viewing IPS Real Time Events From Multiple IPS Devices

There is nothing in the Readme file about whether this product is limited to a maximum of 5 IPS devices.

If so, what do we do for larger deployments?

Silver

Re: Viewing IPS Real Time Events From Multiple IPS Devices

IEV is limited. For large enterprises the best option would be to use CiscoWorks VMS. If you are worried about VMS being EOL, probably, you have an old version running. Please upgrade to the latest version 2.3 which is current:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_software_versions_comparison.html

Regards,

Vibhor.

Silver

Re: Viewing IPS Real Time Events From Multiple IPS Devices

Vibhor,

Thank you for your responses.

Though what you suggest is a short term option because CiscoWorks VPN/Security Management Solution (VMS) is in maintenance mode with no further releases planned.

My customer liked the functionality of the IPS Manager in VMS for viewing Real Time Events. He now complains of the loss of data integrity by having to use MARS and having to trust its ability to correlate events. It's like being accustomed to working on routers via the CLI and being told henceforth you can only use the GUI.

Thanks again.

Gold

Re: Viewing IPS Real Time Events From Multiple IPS Devices

VMS SecMon will continue to accept events from 5.x and current 6.0 sensors, but Cisco has not made any promises that it will continue to do so for the life of 6.x.

Cisco has a history of bumping us off the management platform of choice to the next thing they wish us to use. cough..director..VMS-MC..cough

New Member

Re: Viewing IPS Real Time Events From Multiple IPS Devices

Greetings, Vibhor. Just to clarify,

Cisco Security Monitor (CSM) alone DOES NOT provide the ability to see real-time IPS events from multiple sources... but the MARS add-on DOES provide this capability?

Thank you.

New Member

Re: Viewing IPS Real Time Events From Multiple IPS Devices

Hi,

Is it possible to use the IDS Event Viewer for 6.x sensors? I only see ver 5.x download of the event viewer.

Thanks

Scott

Gold

Re: Viewing IPS Real Time Events From Multiple IPS Devices

I tested v6 and the IEV a little bit and it appears to work fine.

New Member

Re: Viewing IPS Real Time Events From Multiple IPS Devices

Yes, IPS Event Viewer (IEV) can be used with 6.x as well as 5.x sensors. Keep in mind that if you have upgraded to the new Cisco Security Manager (CSM) vers. 3.1, IEV is now integrated with that software. As a matter of fact, before you can install CSM 3.1, it will prompt you to un-install any previous versions of IEV before you can proceed.

If you are not using CSM 3.1, you should download/install IEV 5.2-1 for your 6.x sensor. Make sure you take a quick look at the read-me before you install.

Gold

Re: Viewing IPS Real Time Events From Multiple IPS Devices

So the 3.1 CSM has the event viewer built in? That is good news for those who were using VMS before and don't want to purchase CSMARS.

New Member

Re: Viewing IPS Real Time Events From Multiple IPS Devices

MARS as well as a few other 3rd party products can correlate multiple IDS sensor information.

In order for the 3rd party products to be compatible, they have to be able to access the Cisco IDS via RDEP or SDEE; if you search, you should be able to find some of them that are out there fairly easily with Google or another search engine.
