Cisco Support Community

New Member

PIX syslog to sensor

Does anyone know if a sensor can be configured to interpret PIX syslog/IDS messages and notify the director? Thanks in advance.

New Member

Re: PIX syslog to sensor

The sensor cannot do this. The sensor will only accept syslog messages from routers that it is using for shunning. Why don't you configure the PIX to notify the director? You must be using PIX 6.0 or higher.

New Member

Re: PIX syslog to sensor

I can't find any commands similar to the router IOS IDS commands on the PIX, enabling the po protocol for communication to the director. Unless you mean just log out to the syslog service.

Cisco Employee

Re: PIX syslog to sensor

You are correct that the Pix did not port the Postoffice protocol when they implemented IDS on the Pix.

So you would have to rely on the syslog messages generated by the Pix.

CSPM is able to receive both the alarms generated by the IDS sensors and the syslog messages from the Pix.

They are not viewed in the same windows nor appear in the same reports, so you will have to look at both the syslog reports from the Pix and the IDS alarms. I believe that there might already be initiatives to correlate the data from the two message types in a future product, but I don't know any details.

If using the Unix Director then you will have to rely on a third package for viewing the syslog data for the Pix.

You could look for syslog analyzers that are not security specific or you can purchase NetForensics which is able to receive alarms from the IDS sensors as well as the syslog messages from the Pix. I believe that it is supposed to be able to coordinate data from the IDS sensor alarms in the syslog messages with some type of links, but I have not tried it myself. I would recommend contacting NetForensics directly if that interests you:
