06-05-2002 09:03 AM - edited 03-08-2019 10:51 PM
Hi,
For monitoring IOS routers, do we need to configure any commands on the routers? Like to forward the syslog messages to CSPM?
Pls advice. Thank you
06-05-2002 01:30 PM
Yes, configure the IOS router to forward syslog events to the sensor, NOT CSPM. Then on CSPM configure a new data source as the interface from which the router syslog will originate from. How to do this is in the help files from CSPM / IDS Director
commands in IOS are
logging on
logging ip_address_of_sensor
logging trap informational
informational will send most events to the sensor. you may wish to reduce this
06-05-2002 03:03 PM
The above instructions are true if you are wanting the sensor to alarm on ACL violations that are syslogged by the router.
If you are talking about the IDS alarm functionality in the IOS Firewall then you configure postofficed functionality on the IOS Firewall.
Then go to CSPM and add the IOS Firewall as a postoffice host.
This section may help on the CSPM configuration:
http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch04.htm#xtocid2665211
06-05-2002 11:23 PM
Hi,
Thanks for your prompt reply.
I have add those commands in my IOS routers. I managed to see that the messages are forward to the IDS.
But I am not able to see these messages at the CSPM.
Do I need to configure any other settings in CSPM besides adding the monitoring IOS router ip address at the sensor?
I did not do a auto-discover on my IOS routers... Seems that there is no Settings1,Settings2 and Settings 3 tab at CSPM.
Is that a issue?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: