Cisco Support Community
Community Member

IdsAlert utility

Hi all,

I want to export the IDS alerts in txt format from the database using the idsalert utility.

Is there a way to know the field names to use in the -s option?


Community Member

Re: IdsAlert utility

I am guessing that this is a VMS server with idsmc and secmon. Just a suggestion, but have you tried using the script that comes with the default installation? This script will call the Ids Pruning Utility (IdsPruning.exe). You can use the Ids Pruning Utility to perform the following tasks:

Delete events from the database that were stored before a specified date.

Delete events from the database that are older than a specified number of days.

Delete events from the database that you marked for deletion in Event Viewer.

Delete events of a specified severity from the database.

Delete a specified number of events from the database. The oldest events are deleted.

TEXT Format output

Archive events that you are about to delete in a comma-separated value format.

Security Monitor 1.2 introduces the ability to import archive files created by the IdsPruning utility. To import the pruning archive files, you use the IdsImportArchivedData utility.


Re: IdsAlert utility

You want to use the IDSAlarms utility.

The -s clauses are very poorly documented; only after hounding our Cisco folks were we able to find such useful gems as:

idsalarms -s"event_storage_time BETWEEN '2004-03-30 17:00' AND '2004-03-30 17:02'"

(this dumps only the events between the two times)

- Bob
