Cisco Support Community

New Member

sending IDS alerts to remote syslog server?

Hello

Is there any supported way to send IDS alerts (4210 running 3 and 4.1) to a remote syslog server? Either through VMS or at the sensor itself?

thanks

Martin Pfeilsticker

3 REPLIES
Silver

Re: sending IDS alerts to remote syslog server?

As far as my knowledge goes, you cannot send IDS alerts to a remote syslog server.

New Member

Re: sending IDS alerts to remote syslog server?

We have had success sending alerts to a remote server by adding its IP address to the sensors' Remote Host config on the MC.

Then we imported the sensors from the console of the remote syslog server, and the alarms poured in.

We got much better success recording alarms than with the security monitor.

Hope this is helpful.

New Member

Re: sending IDS alerts to remote syslog server?

Exactly how did you get the sensor to generate syslog messages?

I added the syslog server to the trusted hosts, but I don't see any port 514 traffic leaving the sensor (I used tcpdump).

Are the syslog messages coming directly from the sensor or the VMS server?

Thanks
