Is it possible to get alarm information sent from the CSPM server to something like syslog (using port 514) on a UNIX box? If so, can you give me details? I have entered information into the "Additional Destination" tab and updated a sensor. I can go to the sensor and look at the config files in the etc directory, "destinations, hosts, routes", and I see the additional host. But the alarm information is not getting to the UNIX host.
Re: CSPM server talking to Additional Destinations
The additional destination tab only supports adding of other boxes that ALSO have Cisco IDS software running on them.
The additional destination could be another sensor, another CSPM box, the Intrusion Detection Director Software for Unix, or specific 3rd party vendors that have included special Cisco IDS software in order to receive the alarms.
The IDS software on the destination machine has to also be configured to accept the alarms from the sensor.
There is not a built-in mechanism for converting the alarms to syslogs.
The only built-in mechanism is to have emails generated for specific alarms.
You can also create your own program that can be executed by CSPM and be passed the alarm information.
So you could write your own program that would convert the alarms into syslogs and send them to your Unix box.
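A sketch of the kind of converter program the reply describes, as an added example that is not part of the original reply and is not Cisco code. The thread does not say how CSPM passes alarm data to the program, so the command-line argument order, the field names, the `local4` facility and the level-to-severity mapping are all assumptions.

```python
"""Forward one IDS alarm to a remote syslog daemon over UDP/514 (RFC 3164 format)."""
import re
import socket
import sys
import time

FACILITY_LOCAL4 = 20  # assumption: local4 reserved for IDS alarms on the UNIX host
# Assumed mapping of a 1-5 alarm level to syslog severity (info .. critical)
SEVERITY_BY_LEVEL = {1: 6, 2: 5, 3: 4, 4: 3, 5: 2}

def sanitize(value, limit=256):
    """Replace control characters so alarm text cannot inject extra log lines."""
    return re.sub(r"[\x00-\x1f\x7f]", " ", str(value))[:limit]

def build_syslog(level, fields, hostname, now=None):
    """Return an RFC 3164 datagram: <PRI>TIMESTAMP HOST TAG: key=value ..."""
    severity = SEVERITY_BY_LEVEL.get(level, 5)   # unknown level -> notice
    pri = FACILITY_LOCAL4 * 8 + severity
    t = time.localtime(now)
    # RFC 3164 pads the day of month with a space, not a zero
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                           time.strftime("%H:%M:%S", t))
    body = " ".join("%s=%s" % (k, sanitize(v)) for k, v in fields)
    msg = "<%d>%s %s ids-alarm: %s" % (pri, stamp, sanitize(hostname, 64), body)
    return msg.encode("ascii", "replace")[:1024]  # RFC 3164 packet size limit

def send_alarm(dest, level, fields, port=514):
    """Send one alarm as a single UDP datagram and return the bytes sent."""
    packet = build_syslog(level, fields, socket.gethostname())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(packet, (dest, port))
    return packet

if __name__ == "__main__":
    # Hypothetical invocation:
    #   alarm2syslog.py <syslog-host> <level> <sig_id> <src> <dst> <text>
    if len(sys.argv) != 7:
        sys.exit("usage: alarm2syslog.py <syslog-host> <level> "
                 "<sig_id> <src> <dst> <text>")
    host, level, sig, src, dst, text = sys.argv[1:7]
    send_alarm(host, int(level),
               [("sig", sig), ("src", src), ("dst", dst), ("msg", text)])
```

The receiving syslog daemon must be configured to accept remote UDP messages, and because UDP delivery is unacknowledged, a dropped datagram means a silently missing alarm.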