Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

too frequent ftp of logs

Hi,

I would simply like to ftp the logs off the IDSM to the ftp server once a day. My IDSM is sending them about every two minutes. Is there a setting somewhere other than the sapd config?

Thanks!

  • Other Security Subjects
1 REPLY
Cisco Employee

Re: too frequent ftp of logs

Hi Jeff,

Have you recently enabled log file ftp on your IDSM? It's likely that the log files being ftp'ed are older closed log files that have collected before log file ftp was enabled. Once these have all been ftp'ed, the ftp frequency should decrease because log files will only be ftp'ed as they're closed. Log files are closed on a time basis and a size basis. So, each time a log file gets full or too old, it's closed and is ftp'ed off.

If you're still seeing too frequent ftp'ing of log files, you may want to adjust what signatures your IDSM is alarming on.

Hope that helps.

Ward.

90
Views
0
Helpful
1
Replies
This widget could not be displayed.