Is there a way to get e-mail notifications for all IPS alerts? I know I can get e-mail logs daily but I'd like to be notified immediately when an intruder tries to attack my network. I know other IPS systems have this option but I am unable to find it in CISCO SA540 IPS.
There is no way that I can think of to achieve what you are asking in the SA540. The best you can do is have the logs emailed to you every hour and then manually scan (or set something up to do it automatically outside of the SA540) the contents for *DROP* (or something similar).
My plan is to use no third party application except for SysLog server. I am not using Kiwi. I am using Linux/Unix syslog server (syslog-ng) and will use MSSQL Server 2008 R2 (doesn't have to be enterprise).
I was able to utilize VB code from another post and turn it into a syslog server of my own. I can send you a copy of this code if you'd like. It works well on Windows 7/2008R2 and I have tested it fine. Takes syslog from SA540 and writes it down into different files for each logging facility. I still haven't worked on email notifications but that'll be an easy thing to do with VB.
You are right, there are a lot of free and open source alternatives available. However, the more outside software you put in your secure environment, the less sense of security there is left. Because we are using the SA540 mainly as a security device here, it wouldn't be a good idea to use software built by a total stranger.
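The approach suggested in the thread, scanning the forwarded logs outside the SA540 for *DROP* and mailing on a match, could look like the sketch below. It is an added example, not code from any poster: the sample log lines are constructed (the real SA540 layout may differ), and the mail addresses and relay host are placeholders.

```python
import re
import smtplib
import time
from email.message import EmailMessage

DROP_RE = re.compile(r"\bDROP\b")  # keyword suggested in the thread

# Constructed sample lines; the real SA540 log layout may differ.
SAMPLE = [
    "Mar  3 10:15:01 sa540 kernel: IPS DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP",
    "Mar  3 10:15:02 sa540 kernel: ACCEPT SRC=192.0.2.20 DST=198.51.100.5 PROTO=UDP",
    "Mar  3 10:15:03 sa540 kernel: IPS DROP SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP",
]

def build_alert(lines, sender, recipient):
    """Build one mail that carries every matching log line."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"IPS alert: {len(lines)} DROP event(s)"
    msg.set_content("\n".join(lines))
    return msg

def smtp_send(msg, host="localhost"):
    """Deliver through a mail relay; the host name is a placeholder."""
    with smtplib.SMTP(host) as smtp:
        smtp.send_message(msg)

class DropNotifier:
    """Batch DROP lines and mail at most once per `interval` seconds."""
    def __init__(self, send, sender, recipient, interval=60, clock=time.monotonic):
        self.send, self.sender, self.recipient = send, sender, recipient
        self.interval, self.clock = interval, clock
        self.pending, self.last_sent = [], None

    def feed(self, line):
        # Called once per received syslog line; non-matching lines still
        # trigger flush() so held alerts go out when the interval expires.
        if DROP_RE.search(line):
            self.pending.append(line.rstrip("\n"))
        self.flush()

    def flush(self, force=False):
        now = self.clock()
        due = self.last_sent is None or now - self.last_sent >= self.interval
        if self.pending and (due or force):
            self.send(build_alert(self.pending, self.sender, self.recipient))
            self.pending, self.last_sent = [], now
            return True
        return False
```

With syslog-ng, a `program()` destination can pipe messages to a script's standard input, where each line is passed to `DropNotifier(smtp_send, ...).feed()`. The first match is mailed immediately; later matches inside the interval are batched so a burst of drops does not flood the mailbox.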