Re: How to configure IPS 4240 - K9 to send log file to syslog se

alialhinai2008 · ‎03-08-2011

I am looking for the commands in how to configure IPS 4240-k9 to send log file to SYSLOG server. If anybody has or came across similer issue please advice.

Thanks in advanced.

rhermes · ‎03-08-2011

Ali -

I am sorry to tell you, but the Cisco IPS Sensors do not send Syslog messages. Your only options for sending signature event information are:

SDEE (an TLS Encrypted XML formatted message) the sensor is the SDEE Host and your event receiver (MARS, IME, Intelitactics, etc) is the client.

SNMP Traps - You need to set the "Action" on each signature you want the sensor to send a trap.

- Bob

Siddharth Chandrachud · ‎03-08-2011

Syslog uses UDP. SDEE uses TCP.

Use IME for Mars for event retrieval of IPS.

Otherwise, you can use a SDEE server.

Please check my document for further information: https://supportforums.cisco.com/docs/DOC-12515

- Sid

alialhinai2008 · ‎03-09-2011

I am running kiwi syslog server which recive the log from the devices which kiwi syslog server IP has been configured in. Since IPS is not supporting syslog and Kiwi is not supporting SDEE protocol, I am looking for SDEE serever which i can configure it to recive the IDS logs and send it kiwi syslog

Your support highly apprecaited,

How to configure IPS 4240 - K9 to send log file to syslog server