https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341846#M68242 <HTML><HEAD></HEAD><BODY><P>Yes, you can use mars or IME (any combination) to both simultaneously pull alerts using sdee from the sensor.</P></BODY></HTML> Fri, 20 Nov 2009 23:43:07 GMT Jim Thomas 2009-11-20T23:43:07Z https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341845#M68241 <P>Is it possible to send events from the IDSM2 to two different aggregation points simultaniously?&nbsp; Say for instance, Cisco MARS and some other SIEM.</P> Sun, 10 Mar 2019 11:49:58 GMT https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341845#M68241 000000jbl 2019-03-10T11:49:58Z https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341846#M68242 <HTML><HEAD></HEAD><BODY><P>Yes, you can use mars or IME (any combination) to both simultaneously pull alerts using sdee from the sensor.</P></BODY></HTML> Fri, 20 Nov 2009 23:43:07 GMT https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341846#M68242 Jim Thomas 2009-11-20T23:43:07Z https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341847#M68243 <HTML><HEAD></HEAD><BODY><P>MARS and IME both use the 'pull' event architecture to retrive events from IPS devices, and as already answered both can 'pull' events from the same IPS device simultaneously without any issues (except the performance lag). IME will store events in its MSDE database and MARS has its own oracle database (which can be archived using unix NFS). IME is limited to 10 sensors tough.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Sun, 22 Nov 2009 14:00:09 GMT https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341847#M68243 Farrukh Haroon 2009-11-22T14:00:09Z https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341848#M68245 <HTML><HEAD></HEAD><BODY><P>Ok, so do I understand correctly that there is no way to have IDSM send its logs out to a generic log server?&nbsp; I undersatd SDEE and the "pulling" of events from IDSM.&nbsp; Is there no way to have IDSM push?&nbsp; Maybe via syslog rather than SDEE?</P></BODY></HTML> Tue, 24 Nov 2009 16:02:29 GMT https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341848#M68245 000000jbl 2009-11-24T16:02:29Z https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341849#M68247 <HTML><HEAD></HEAD><BODY><P>You are correct, the IPS does not support syslog reporting. You can enable SNMP traps on a per signature basis tough. But once has to be careful not to over whelm the IPS Cpu/memory resources in doing so.</P><P></P><P>Regards</P><P><BR />Farrukh</P></BODY></HTML> Tue, 24 Nov 2009 20:55:10 GMT https://community.cisco.com/t5/network-security/idsm2-logging/m-p/1341849#M68247 Farrukh Haroon 2009-11-24T20:55:10Z