Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
0
Helpful
6
Replies

Can I use even viewer 4.1 for IDS 3.0

p2peterus
Level 1
Level 1

‎12-30-2003 07:22 AM - edited ‎03-09-2019 06:00 AM

I have a IDS which is 3.0 and I am not getting alams on the CSPM, I get only route up or down and nofification , CAn I use IDS event viewer 4.1 to see the events from the IDS 4210, Do I need to configure anything on the IDS extra, This is UNIX base,

I used the Event viewer on IDS 4210 with 4.0 version and its working fine, I get the events.

Please let me know.

Labels:
0 Helpful
6 Replies 6

klwiley
Cisco Employee
Cisco Employee

‎12-30-2003 07:43 AM

No, Unfortunately the 4.X event viewer is not backwards compatible with 3.X sensors.

KLW

0 Helpful

david.d
Level 1
Level 1

‎12-30-2003 10:56 AM

Is there something that prohibits moving to 4.1? I'm new to Cisco IDS and am unfamiliar with the previous version.

0 Helpful

marcabal
Cisco Employee
Cisco Employee

‎01-02-2004 12:56 PM

You would need to use IEV 3.x to see events from 3.x sensors.

IEV 4.x only works with 4.x sensors.

If you have some sensors running 3.x and some sensors running 4.x, then you will need to load IEV 3.x on one machine, and IEV 4.x on a separate machine. The 2 versions of IEV can not be run on the same machine. NOTE: IEV can also not be run on the same machine as CSPM.

0 Helpful

p2peterus
Level 1
Level 1
In response to marcabal

‎01-03-2004 04:58 AM

You mean to say I should not install IDS event viewer on the same m/c where the CSPM is intalled, Do I need to do any config on the sensor when I am intalling IDS event view 3.x.

0 Helpful

bfl1
Level 1
Level 1
In response to p2peterus

‎01-03-2004 08:48 AM

Uninstall IEV and use Cisco Threat Response - it allows you to manage alarms from Cisco IDS 4.x,3.x, and RealSecure NetworkSensors from one console. Like CSPM, it too can not run on the same box as IEV - both use mysql. Right now Cisco Threat Response is free.

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to p2peterus

‎01-05-2004 11:54 AM

Correct, IEV should not be installed on the same machine as CSPM.

If you are managing the sensor with CSPM then through CSPM you will need to add the IEV machine as an additional destination for alarms.

Here is a link on how to configure this in CSPM for the sensor:

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch03.htm#xtocid2345617

If you are going to stop using CSPM and use IDM instead on the sensor itself then you can follow these directions:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13872_01.htm#xtocid12

0 Helpful
Customers Also Viewed These Support Documents