https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063304#M78751 <HTML><HEAD></HEAD><BODY><P>There is also the IEV successor called Cisco IME (IPS Manager Express), which can manage up to 5 IPS devices and also can pull and store events.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ime" target="_blank">http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ime</A></P></BODY></HTML> Sun, 28 Sep 2008 17:25:01 GMT mathias.mahnke 2008-09-28T17:25:01Z https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063301#M78748 <P>Anyone know is there a way to retrieve/backup the events in the AIP-SSM20 event store ?</P><P></P><P>I had read through their manual/white paper, but it didn't mention anything about retrieving/backing up the event store except on how to clear it.</P><P></P><P>Thanks.</P><P></P><P>CMYip</P> Sun, 10 Mar 2019 11:18:27 GMT https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063301#M78748 cmyip 2019-03-10T11:18:27Z https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063302#M78749 <HTML><HEAD></HEAD><BODY><P>The IDS Sensor can not archive the signature events for a long time as they have a fixed memory space in order to store the signature events, which is overwritten when full. But, these events can be stored to an external management system such as CiscoWorks VPN/Security Management Solution (VMS), Cisco Security Monitoring, Analysis and Response System (CS-MARS), or IDS Event Viewer (IEV). </P><P></P><P>Refer to Cisco Downloads in order to download the IDS Event Viewer.</P><P></P><P></P><P></P><P>Do rate helpful posts.</P><P></P><P></P><P>Regards,</P><P>Sushil</P></BODY></HTML> Fri, 26 Sep 2008 12:36:10 GMT https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063302#M78749 suschoud 2008-09-26T12:36:10Z https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063303#M78750 <HTML><HEAD></HEAD><BODY><P>suscoud is right. Cisco has shrunk the event store as they have moved from hard disk based sensors to flash based with less storage. You have to get your events off the sensor or you will loose them. In addition to the methods suscoud mentioned above you also use SNMP if you set the action on each active signature you want to alert to send an SNMP Trap when they fire. This does not send as much information as an SDEE feed to VMS/CS-MARS/IEV.</P></BODY></HTML> Fri, 26 Sep 2008 16:23:31 GMT https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063303#M78750 rhermes 2008-09-26T16:23:31Z https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063304#M78751 <HTML><HEAD></HEAD><BODY><P>There is also the IEV successor called Cisco IME (IPS Manager Express), which can manage up to 5 IPS devices and also can pull and store events.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ime" target="_blank">http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ime</A></P></BODY></HTML> Sun, 28 Sep 2008 17:25:01 GMT https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063304#M78751 mathias.mahnke 2008-09-28T17:25:01Z https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063305#M78752 <HTML><HEAD></HEAD><BODY><P>Thanks for all the reply. I'm using the IME now, but i don't see any option saving the store events to hard disk.</P><P></P><P>I will try out the IDS Event Viewer later. I read that it had a archive feature that can store the event to hard disk.</P><P></P><P>Will let you guy know the result later.</P><P></P><P>CMYip</P></BODY></HTML> Tue, 30 Sep 2008 08:24:47 GMT https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063305#M78752 cmyip 2008-09-30T08:24:47Z https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063306#M78753 <HTML><HEAD></HEAD><BODY><P>Does anyone know how to retrieve the archived data? I upgraded from IEV to IME but need to track down the old data for a PCI audit. Any help will be greatly appreciated. Thanks. </P></BODY></HTML> Fri, 24 Oct 2008 18:52:50 GMT https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063306#M78753 vpersaud001 2008-10-24T18:52:50Z https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063307#M78754 <HTML><HEAD></HEAD><BODY><P>Anyone?? Thanks. </P></BODY></HTML> Mon, 27 Oct 2008 20:09:18 GMT https://community.cisco.com/t5/network-security/aip-ssm20-event-store/m-p/1063307#M78754 vpersaud001 2008-10-27T20:09:18Z