Re: Configure IDS to monitor IOS router

wongks · ‎06-05-2002

Hi,

For monitoring IOS routers, do we need to configure any commands on the routers? Like to forward the syslog messages to CSPM?

Pls advice. Thank you

alewis · ‎06-05-2002

Yes, configure the IOS router to forward syslog events to the sensor, NOT CSPM. Then on CSPM configure a new data source as the interface from which the router syslog will originate from. How to do this is in the help files from CSPM / IDS Director

commands in IOS are

logging on

logging ip_address_of_sensor

logging trap informational

informational will send most events to the sensor. you may wish to reduce this

marcabal · ‎06-05-2002

The above instructions are true if you are wanting the sensor to alarm on ACL violations that are syslogged by the router.

If you are talking about the IDS alarm functionality in the IOS Firewall then you configure postofficed functionality on the IOS Firewall.

Then go to CSPM and add the IOS Firewall as a postoffice host.

This section may help on the CSPM configuration:

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch04.htm#xtocid2665211

wongks · ‎06-05-2002

Hi,

Thanks for your prompt reply.

I have add those commands in my IOS routers. I managed to see that the messages are forward to the IDS.

But I am not able to see these messages at the CSPM.

Do I need to configure any other settings in CSPM besides adding the monitoring IOS router ip address at the sensor?

I did not do a auto-discover on my IOS routers... Seems that there is no Settings1,Settings2 and Settings 3 tab at CSPM.

Is that a issue?