Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSPM server talking to Additional Destinations

Is it possible to get alarm information sent from from the CSPM server to something like syslog (using port 514) on a UNIX box. If so can you give me details. I have entered information into the "Additional Destination" tab and updated a sensor. I can go to the sensor and look at the config files in the etc directory, "destinations, hosts, routes", and I see the additional host. But the alarm information is not getting to the UNIX host.

Cisco Employee

Re: CSPM server talking to Additional Destinations

The additional destination tab only supports adding of other boxes that ALSO have Cisco IDS software running on them.

The additional destination could be another sensor, another CSPM box, the Intrusion Detection Director Software for Unix, or specific 3rd party vendors that have included special Cisco IDS software in order to recieve the alarms.

The IDS software on the destination machine has to also be configured to accept the alarms from the sensor.

There is not a builtin mechanism for converting the alarms to syslogs.

The only built in mechanism is to have emails generated for specific alarms.

You can also create your own program that can be executed by CSPM and be passed the alarm information.

SO you could write your own program that would convert the alarms into syslogs and send them to your Unix box.

New Member

Re: CSPM server talking to Additional Destinations


I kind of figured this was the case. Thank you for your timely responce.