I'm looking for recommendations on the best way to archive (export) my events from Security Monitor for at least 4 weeks and, if asked, import the event log into SM for research. All of my sensors are at the 4.x version. Is that even possible?
You will see that you have 2 options for saving off version 4.x alarms from Security Monitor.
You can use IdsAlarms.exe to export the alarms in IDIOM format (native 4.x format) and then use additional options to delete and purge the alarms from the database.
Then use IdsImportIdiom to re-import the alarms.
The IDIOM format is nice to have when you will be loading the alarms into other management boxes. Because the alarms will be in standard 4.x IDIOM format, the other management box won't have to understand specific formats for Security Monitor.
The other option is to archive the alarms in a format specific to Security Monitor (a comma-delimited format that can archive the IDS alarms as well as the other data collected by Security Monitor).
You would use the IdsPruning utility to export the alarms and prune them from the database.
And then use the IdsImportArchivedData utility for re-importing them into Security Monitor.
Since they are in a Security Monitor format, this works fine and reduces space when they will only be imported back into Security Monitor. But if you will be importing them to other types of management stations (or your own database), then I recommend using IdsAlarms.exe with the IDIOM format.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: