Cisco Support Community
Community Member


I am wondering if it is possible to have a perimeter router do IDS and log it to a UNIX syslog host. Do I have to buy additional hardware if I just want to detect it and log it?

Cisco Employee

Re: Cisco FW/IDS IOS

If all you are wanting to do is receive syslog messages for the IDS events, then all you need is the router, an IOS Firewall image that supports IDS for that router (not all Cisco routers support IOS Firewall with IDS) and any syslog server to send the syslog events to.

The alternative would be to purchase either CSPM or the IDS Unix Director and receive postoffice alerts rather than syslog messages. When using CSPM or the Unix Director there is a little bit more guarantee that you would get the alarms, and there are some search and filter capabilities that you won't find in a standard syslog viewing tool. But the standard syslog server works just fine for many users who don't want to spend the extra money.

NOTE: The IOS Firewall with IDS for the Cisco router does not contain a full signature set. It is only a limited signature set. For the full signature set you would need to go with the IDS-4210, IDS-4230, or WS-X6381-IDS (IDS Module for Cat 6K) and either CSPM or Unix Director.

NOTE2: The IDS processing will also consume CPU on your routers, so be sure that your routers are not being heavily utilized prior to adding IDS functionality to them.
