Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

RDEP

Looking on HTTP traffic between EventViewer and new IDS sensor 4.0:

1) Client register with sensor using URL

http://SENSOR/cgi-bin/event-server?action=open&events=evAlert&alertSeverities=low+medium+high'

and obtains 'subscriptionId' in reply.

2) Client pulls new events using URL http://SENSOR/cgi-bin/event-server?action=get&'${ID}'&confirm=yes&maxNbrOfEvents=100&timeout=5'

using stored subscriptionId?

This is how it works?

How long will sensor keep subscription? Is any way to obtain RDEP SDK or protocol description?

PS: I migrated 3.1 environment on scripts after my Director stops to forward events after another signature update...Don't like to buy expensive VMS just to collect events from sensors and put them in DB, especially after two-years expirence with LMS, sorry.

1 REPLY
Cisco Employee

Re: RDEP

116
Views
5
Helpful
1
Replies