Cisco Support Community
New Member

Open Source Based Cisco Syslog Analysis - Is it available?

Hello, I am looking for a way to generate reports (preferably HTML) on Cisco IDS logs sent to a Unix syslog server. Support for access lists and any other information sent to syslog, up to and including debug level, would be very nice! If there are not any good open source tools, is there software provided by Cisco to meet these requirements?

Thanks.

2 REPLIES
Cisco Employee

Re: Open Source Based Cisco Syslog Analysis - Is it available?

Hi Slade,

As for all the reporting and management, depending on the requirements, you could either go in for VMS 2.2, which has the IDS MC and Security Monitor, or avail of the extensive reporting in the CiscoWorks Security Information Management (CWSIM) product.

VMS2.2

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps2330/prod_bulletin09186a008017dc68.html

CWSIM

http://www.cisco.com/en/US/partner/products/sw/cscowork/ps5209/prod_bulletin09186a008017dcb1.html

As for trying to build your own software, the specs below will help (when they are available on CCO).

If the IDS is on 4.0, then there is RDEP (Remote Data Exchange Protocol).

RDEP is an application-level communications protocol used to exchange Intrusion Detection System (IDS) event, configuration and control messages between IDS clients and IDS servers.

and the Intrusion Detection Interchange and Operations Messages (IDIOM) specification. Intrusion Detection Interchange and Operations Messages (IDIOM) is a data format standard that defines the event messages that are reported by intrusion detection systems (IDS) as well as the operational messages that are used to configure and control intrusion detection systems. These messages consist of XML documents that conform to the IDIOM XML schema. This document specifies the semantics of the IDIOM schema.

Both of these will be made available on CCO. RDEP was available, but the link is being fixed. IDIOM is slated to be available in the near future at the URL below:

http://www.cisco.com/cgi-bin/dev_support/access_level/products.cgi?product=IDS_INT_API

Hope this helps.

Yatin

New Member

Re: Open Source Based Cisco Syslog Analysis - Is it available?

Thanks Yatin. I should have been a bit clearer. I was actually talking about Cisco IOS with the IDS feature set. The CWSIM product looks nice. I actually found an open source tool that might be useful, though it appears to lack good documentation. It's called CSWA. The URL is http://www.ciro.dk/. I believe it's also listed on the SourceForge repository for Cisco open source software.
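The kind of HTML report the original question asks for (IOS IDS signature hits plus access-list log entries pulled out of a Unix syslog file) is small enough to build without a product. The script below is an added example written for this page; it is not code from the thread, from Cisco or from CSWA. The %IDS-4-<NAME>_SIG and %SEC-6-IPACCESSLOG* message shapes follow IOS syslog conventions, but the sample lines, hostnames, addresses and signature names are constructed for illustration, and the file path in the usage comment is hypothetical. One point the thread does not raise: syslog content is attacker-influenced (a source field can carry anything a packet or a hostile host puts there), so every cell that reaches the HTML report is escaped, and the sample includes one such line to show it.

```python
"""Summarise Cisco IOS syslog lines (IOS Firewall IDS signature hits and ACL log
entries) received by a Unix syslog server into a small HTML report.

Added example, not code from this thread, from Cisco or from CSWA.  Message
shapes follow IOS syslog conventions; all sample data below is constructed.
"""
import html
import re
import sys
from collections import Counter

# The IOS part of a syslog line: %FACILITY-SEVERITY-MNEMONIC: message text
MSG_RE = re.compile(r"%(?P<facility>[A-Z_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")
# IOS Firewall IDS: "Sig:2004:ICMP Echo Request - from 10.1.1.9 to 192.168.1.10"
IDS_RE = re.compile(r"Sig:(?P<sig>\d+):(?P<name>.+?)\s+-\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)")
# ACL logging: "list 101 denied tcp 10.1.1.5(33421) -> 192.168.1.10(23), 1 packet"
# (ports are absent for non-TCP/UDP; ICMP adds "(type/code)" after the destination)
ACL_RE = re.compile(
    r"list\s+(?P<acl>\S+)\s+(?P<action>permitted|denied)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+)(?:\(\d+\))?\s+->\s+(?P<dst>[\d.]+)(?:\(\d+\))?"
    r"(?:\s+\(\d+/\d+\))?,\s+(?P<count>\d+)\s+packets?"
)

# Constructed sample input (hypothetical router "gw1", not real traffic).  The last
# IDS line carries hostile text in the source field to show why the report escapes.
SAMPLE_LOG = """\
Mar  5 10:15:21 gw1 45: Mar  5 10:15:20.811: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(33421) -> 192.168.1.10(23), 1 packet
Mar  5 10:15:22 gw1 46: Mar  5 10:15:21.903: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 10.1.1.9 to 192.168.1.10
Mar  5 10:15:24 gw1 47: Mar  5 10:15:23.110: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.5(33422) -> 192.168.1.10(22), 3 packets
Mar  5 10:15:25 gw1 48: Mar  5 10:15:24.002: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request - from 10.1.1.9 to 192.168.1.11
Mar  5 10:15:26 gw1 49: Mar  5 10:15:25.450: %SEC-6-IPACCESSLOGDP: list 102 denied icmp 10.1.1.9 -> 192.168.1.10 (8/0), 5 packets
Mar  5 10:15:30 gw1 50: Mar  5 10:15:29.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.1.1.5)
Mar  5 10:15:31 gw1 51: Mar  5 10:15:30.100: %IDS-4-TCP_SYN_ATTACK_SIG: Sig:3050:Half-open SYN Attack - from <script>alert(1)</script> to 192.168.1.10
some unrelated line without a cisco message
"""


def parse_line(line):
    """Return a dict describing the IOS message in one syslog line, or None."""
    m = MSG_RE.search(line)
    if not m:
        return None
    rec = {"facility": m["facility"], "severity": int(m["sev"]),
           "mnemonic": m["mnemonic"], "kind": "other"}
    if rec["facility"] == "IDS" and (s := IDS_RE.search(m["text"])):
        rec.update(kind="ids", sig=int(s["sig"]), name=s["name"].strip(),
                   src=s["src"], dst=s["dst"])
    elif rec["mnemonic"].startswith("IPACCESSLOG") and (a := ACL_RE.search(m["text"])):
        rec.update(kind="acl", acl=a["acl"], action=a["action"], proto=a["proto"],
                   src=a["src"], dst=a["dst"], count=int(a["count"]))
    return rec


def summarize(lines):
    """Aggregate parsed records into the counters the report is built from."""
    s = {"ids_by_sig": Counter(), "ids_by_src": Counter(), "acl_by_rule": Counter(),
         "acl_packets_by_src": Counter(), "other": 0, "unparsed": 0}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            s["unparsed"] += 1
        elif rec["kind"] == "ids":
            s["ids_by_sig"][(rec["sig"], rec["name"])] += 1
            s["ids_by_src"][rec["src"]] += 1
        elif rec["kind"] == "acl":
            s["acl_by_rule"][(rec["acl"], rec["action"], rec["proto"])] += 1
            s["acl_packets_by_src"][rec["src"]] += rec["count"]
        else:
            s["other"] += 1
    return s


def _table(title, headers, rows):
    """One HTML table; every cell is escaped because it comes from log text."""
    esc = lambda v: html.escape(str(v))
    out = [f'<h2>{esc(title)}</h2><table border="1"><tr>']
    out += [f"<th>{esc(h)}</th>" for h in headers]
    out.append("</tr>")
    for row in rows:
        out.append("<tr>" + "".join(f"<td>{esc(c)}</td>" for c in row) + "</tr>")
    out.append("</table>")
    return "".join(out)


def render_html(summary):
    """Render the summary as a standalone HTML page."""
    body = [
        _table("IDS signature hits", ["Sig ID", "Name", "Hits"],
               [(sig, name, n) for (sig, name), n in summary["ids_by_sig"].most_common()]),
        _table("IDS hits by source", ["Source", "Hits"], summary["ids_by_src"].most_common()),
        _table("ACL log entries by rule", ["ACL", "Action", "Proto", "Entries"],
               [(acl, act, proto, n) for (acl, act, proto), n in summary["acl_by_rule"].most_common()]),
        _table("ACL packets by source", ["Source", "Packets"], summary["acl_packets_by_src"].most_common()),
        f"<p>Other IOS messages: {summary['other']}; lines not parsed: {summary['unparsed']}</p>",
    ]
    return "<html><body><h1>Cisco IOS syslog summary</h1>" + "".join(body) + "</body></html>"


if __name__ == "__main__":
    # usage: python ios_syslog_report.py /var/log/cisco.log > report.html  (path hypothetical)
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    print(render_html(summarize(lines)))
```

Run it without arguments to render the built-in sample; pass the syslog file the router logs to for real data. Lines that carry no `%FACILITY-SEV-MNEMONIC:` token are counted as unparsed rather than dropped silently, so a change in logging format (or a syslog server that prepends extra fields) shows up in the report instead of quietly emptying it. Debug-level output from `access-list ... log` and the IDS feature set lands in the same stream, so the aggregation rather than the raw volume is what keeps the report readable.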
