https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976603#M55051 <HTML><HEAD></HEAD><BODY><P>These are maintained by the IPS device itself in a circular buffer in RAM disk partition.</P><P>Once the event partition is full, it will start to overwrite over the oldest event.</P><P></P><P>You can use some tool which supports SDEE subscription and retrieve the events regularly from the device.</P><P></P><P>Regards,</P><P>Sawan Gupta</P></BODY></HTML> Fri, 06 Jul 2012 05:06:39 GMT sawgupta 2012-07-06T05:06:39Z https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976602#M55050 <P>Hi,</P><P></P><P>One of our IPS (4260) showing Applicaiton-log 96%, I just need to know where these logs are saved and how to backup these logs.?</P><P></P><P>Also I want to know where is the event logs are saved and is there a way to backup these logs as well?.</P><P></P><P>Appreciate if someone can advise me on the above please.</P><P></P><P>thanks</P> Sun, 10 Mar 2019 12:43:05 GMT https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976602#M55050 pemasirid 2019-03-10T12:43:05Z https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976603#M55051 <HTML><HEAD></HEAD><BODY><P>These are maintained by the IPS device itself in a circular buffer in RAM disk partition.</P><P>Once the event partition is full, it will start to overwrite over the oldest event.</P><P></P><P>You can use some tool which supports SDEE subscription and retrieve the events regularly from the device.</P><P></P><P>Regards,</P><P>Sawan Gupta</P></BODY></HTML> Fri, 06 Jul 2012 05:06:39 GMT https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976603#M55051 sawgupta 2012-07-06T05:06:39Z https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976604#M55052 <HTML><HEAD></HEAD><BODY><P>Hi Sawan,</P><P></P><P>Thanks for your time and response to this post. I still have some clarification on this and appreciate if you can advise or provide and url/documents;</P><P></P><P>-&nbsp; is there's any possibility to delete those files and how.</P><P>-&nbsp; if we have SDEE support tools how can we configured to backup those logs to a server..</P><P>-&nbsp; if the sensor rebooted will the above logs be deleted.</P><P>- i have seen IPS signature has an option send syslog traps, but general acceptance is to that IPS events doesnt support syslog traps, in that case I'm wondering why there's an option in the signature has for syslog.?.</P><P></P><P>Appreciate if you can clarify the above please.</P><P></P><P>thanks in advance.</P></BODY></HTML> Sat, 07 Jul 2012 09:39:40 GMT https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976604#M55052 pemasirid 2012-07-07T09:39:40Z https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976605#M55053 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>There is no way or benefit in deleting those files. Since it is a permanent circular buffer.</P><P></P><P>Regarding SDEE, it is enabled by default. IME can be configured to retreive all the events.</P><P><A class="jive-link-wiki-small" href="https://community.cisco.com/docs/DOC-12515">https://supportforums.cisco.com/docs/DOC-12515</A></P><P></P><P>The opton under signature action is for SNMP traps.</P><P></P><P>For exporting system logs to syslog server:</P><P><A class="jive-link-external-small" href="https://techzone.cisco.com/t5/Intrusion-Preventions-Systems/Exporting-IPS-System-logs-Not-Events-to-a-Sylog-server/ta-p/30683">https://techzone.cisco.com/t5/Intrusion-Preventions-Systems/Exporting-IPS-System-logs-Not-Events-to-a-Sylog-server/ta-p/30683</A></P><P></P><P>Regards,</P><P>Sawan Gupta</P></BODY></HTML> Sat, 07 Jul 2012 10:49:50 GMT https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976605#M55053 sawgupta 2012-07-07T10:49:50Z https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976606#M55054 <HTML><HEAD></HEAD><BODY><P> Sawan,</P><P></P><P>I have the same requirement of IPS logging to syslog but on a 4215 running on 6.0.6 E4. how do I get to this link you supplied?</P><P><A href="https://techzone.cisco.com/t5/Intrusion-Preventions-Systems/Exporting-IPS-System-logs-Not-Events-to-a-Sylog-server/ta-p/30683">https://techzone.cisco.com/t5/Intrusion-Preventions-Systems/Exporting-IPS-System-logs-Not-Events-to-a-Sylog-server/ta-p/30683</A></P><P></P><P>thanks,</P><P>Joe</P></BODY></HTML> Fri, 03 Aug 2012 19:12:27 GMT https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976606#M55054 joedansereau 2012-08-03T19:12:27Z https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976607#M55055 <HTML><HEAD></HEAD><BODY><P>Here are the manual steps:</P><P></P><P>- Login with service account</P><P>- Use command "/sbin/syslogd -m 0 -R <SYSLOG-SERVER-IP>"</SYSLOG-SERVER-IP></P><P></P><P>- or add this in /etc/inittab</P><PRE>null::sysinit:/sbin/syslogd -m 0 -R <SYSLOG-SERVER-IP></SYSLOG-SERVER-IP></PRE><P></P><P></P><P>Regards,</P><P>Sawan Gupta</P></BODY></HTML> Sat, 04 Aug 2012 02:14:27 GMT https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976607#M55055 sawgupta 2012-08-04T02:14:27Z https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976608#M55056 <HTML><HEAD></HEAD><BODY><P>Sawan,</P><P></P><P>will this send Status and Error events also or only send IPS Alert events configured with the send to syslog option configured on the signature?</P><P></P><P>Thanks,</P><P>Joe</P></BODY></HTML> Mon, 06 Aug 2012 14:52:00 GMT https://community.cisco.com/t5/network-security/ips-aplication-log/m-p/1976608#M55056 joedansereau 2012-08-06T14:52:00Z