topic Log save in Network Security

Log save

mitang.prajapati — Sun, 10 Mar 2019 12:00:54 GMT

Hi ,

I want to know how to save IPS 4260 logs.

Re: Log save

Scott Fringer — Tue, 01 Jun 2010 10:38:41 GMT

Cisco's IPS sensors allow event retrieval via the Security Device Event Exchange (SDEE) protocol. There are many products that support this protocol. Cisco provides a free solution called IPS Manager Express (IME). It will retrieve signature events from Cisco IPS sensors and store them in a local MySQL database. You can find out more about IME, and download it here:

http://www.cisco.com/go/ime

Another solution, for multiple security device log collection and incident correlation, is CS-MARS. You can find out more about CS-MARS here:

http://www.cisco.com/go.mars

Scott

Re: Log save

Munaf Ahmed — Wed, 02 Jun 2010 06:54:49 GMT

Scott,

Is there any product/tool avialable that our customer can use to pull IPS alarms/event logs via SDEE and save it on a syslog server (kiwi for example) ?

Thanks

Munaf

Re: Log save

Scott Fringer — Wed, 02 Jun 2010 10:28:02 GMT

Munaf;

I am not aware of such a product. I have heard of customers using perl scripts, and other custom solutions, to accomplish similar IPS event manipulation.

Scott

Re: Log save

Munaf Ahmed — Wed, 02 Jun 2010 12:06:09 GMT

I did some research, Security Information & Event Management (SIEM) solution provides log management capabilities for Cisco IPS and CS-MARS. Sansage SIEM supports SDEE protocol and it can pull data from Cisco IPS and CS-MARS.

http://www.sensage.com/solutions/siem.php?expandable=1