Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
433
Views
0
Helpful
1
Replies

too frequent ftp of logs

jeff.gift
Level 1
Level 1

‎02-07-2002 09:29 AM - edited ‎03-08-2019 09:46 PM

Hi,

I would simply like to ftp the logs off the IDSM to the ftp server once a day. My IDSM is sending them about every two minutes. Is there a setting somewhere other than the sapd config?

Thanks!

Labels:
0 Helpful
1 Reply 1

wardwalk
Cisco Employee
Cisco Employee

‎02-07-2002 12:25 PM

Hi Jeff,

Have you recently enabled log file ftp on your IDSM? It's likely that the log files being ftp'ed are older closed log files that have collected before log file ftp was enabled. Once these have all been ftp'ed, the ftp frequency should decrease because log files will only be ftp'ed as they're closed. Log files are closed on a time basis and a size basis. So, each time a log file gets full or too old, it's closed and is ftp'ed off.

If you're still seeing too frequent ftp'ing of log files, you may want to adjust what signatures your IDSM is alarming on.

Hope that helps.

Ward.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents