Cisco Support Community

New Member

Send alerts to syslog?

All, I have read some comments while googling about people sending alerts to syslog, but I can't find any official documentation that explains how to do this, or even that it can be done. Any search I do on "syslog" and "netranger" or "Cisco secure" or "Cisco IDS" etc. only pops up pages that say the IDS can *accept* syslog.

I've upgraded the sensor to 3.1 and am using the web admin interface.

6 REPLIES
Cisco Employee

Re: Send alerts to syslog?

Cisco IDS does not have built-in functionality to send alarms as syslog messages.

You can, however, use eventd on the Unix Director, or the custom script execution feature in CSPM to convert the alarms into syslog messages.

You would have to write that conversion script yourself. Or perhaps someone else on this forum has already created that script and can send you a copy?

NOTE: Cisco IDS can accept syslog messages from routers. It can filter through all the messages and create alarms for ACL violation messages. But this is not likely what you want.

New Member

Re: Send alerts to syslog?

Thank you for the straight answer. I can't use CSPM or Unix director due to circumstances, and we want syslog. Sigh. At least now I know (already kind of did but I needed confirmation).

New Member

Re: Send alerts to syslog?

Since I'm on the topic though, is there a good document anywhere on how to configure the sensor via the web interface? I haven't been able to find any that mention it more than in passing. The main thing I haven't been able to do is find out where the alerts are being held, if the thing is even sending them!

New Member

Re: Send alerts to syslog?

Just create a cronjob that pipes the log output via "logger", or create an event trigger to do this.
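
The cron-plus-logger approach suggested in this thread, written out as an added example; it is not code from any poster or from Cisco. It assumes the sensor writes alarms one per line to a text file, and the log path, state-file path, syslog tag and facility shown are placeholders to replace with local values.

```shell
#!/bin/sh
# Added example: cron-driven forwarder that pipes new alarm-log lines to logger(1).
# Usage: ids2syslog.sh LOGFILE STATEFILE   (both paths are site-specific assumptions)
LOGGER_CMD="${LOGGER_CMD:-logger}"        # overridable so the script can be tested
SYSLOG_PRI="${SYSLOG_PRI:-local4.alert}"  # assumed facility.level; match your syslog config
SYSLOG_TAG="${SYSLOG_TAG:-ids-alarm}"     # assumed tag

forward_new_alarms() {
    log=$1 state=$2
    [ -r "$log" ] || return 1
    size=$(wc -c < "$log" | tr -d ' ')
    offset=0
    if [ -f "$state" ]; then offset=$(cat "$state"); fi
    # A corrupt state file or a rotated/truncated log restarts from byte 0.
    case "$offset" in ''|*[!0-9]*) offset=0 ;; esac
    if [ "$offset" -gt "$size" ]; then offset=0; fi
    if [ "$offset" -eq "$size" ]; then return 0; fi

    chunk=$(mktemp) || return 1
    # Snapshot exactly the bytes between the saved offset and the measured size.
    tail -c +"$((offset + 1))" "$log" | head -c "$((size - offset))" > "$chunk"
    # Forward complete lines only; a line still being written waits for the next run.
    nlines=$(wc -l < "$chunk" | tr -d ' ')
    if [ "$nlines" -gt 0 ]; then
        sent=$(head -n "$nlines" "$chunk" | wc -c | tr -d ' ')
        # Alarm text goes to logger on stdin, never on the command line,
        # so its content cannot be read as options or shell syntax.
        if head -n "$nlines" "$chunk" | $LOGGER_CMD -t "$SYSLOG_TAG" -p "$SYSLOG_PRI"; then
            echo "$((offset + sent))" > "$state"
        fi
    fi
    rm -f "$chunk"
}

# Stand-alone entry point, e.g. from crontab:
#   * * * * * /usr/local/bin/ids2syslog.sh /path/to/alarm.log /var/tmp/ids2syslog.offset
if [ "$#" -eq 2 ]; then forward_new_alarms "$1" "$2"; fi
```

The saved byte offset advances only when logger exits successfully, so a failed run resends the same lines on the next cron tick instead of dropping alarms.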
