Solved: IDM and PCI Compliance

bchewning · ‎06-30-2011

Hello, I have an ASA 5510 with and AIP-SSM installed. The question is, will the IDM store the logs from the IPS module even when it is closed, or does it have to stay open? Also, if either one loses power, are the logs lost and will they start back automatically? If not, how can I make this happen for PCI compliance purposes?

haivrajesh · ‎07-01-2011

Hi,

The IDm will Not Store Loge are events.You have to enable external syslog are you can use Cisco IPS Manager Express(IME).

Rajeswar.

View solution in original post

haivrajesh · ‎07-01-2011

Hi,

The IDm will Not Store Loge are events.You have to enable external syslog are you can use Cisco IPS Manager Express(IME).

Rajeswar.

agent2007 · ‎07-02-2011

Rajeswar,

I didnt think syslog was supported for AIP SSM? You might clarify this please?

Tks

rhermes · ‎07-05-2011

You are correct, none of the Cisco IPS Sensors support Syslog for transmitting signature events.

The orginal poster of this thread asked about the event "logs" and I was trying to answer his question using his terminology.

- Bob

rhermes · ‎07-01-2011

If by "logs" you mean the signature events the IPS Sensor generates, then the answer is mostly yes.

The Sensor has a circular buffer for event storage. It will keep these event until they are overwritten.

How quickly they are overwritten is a factor of buffer size, event size, packet capture options, etc (there was a forum thread on this very topic you can search for)

If you are concerned about keeping event logs, you can install the free IME server and pull events from the sensor. If you are REALLY concerned about getting events logs you can stand up two IME servers (they will cost you some sensor overhead though) and keep them on your host, instead of your senor. Each sensor can support up to 5 devices (I think) pulling events.

- Bob

bchewning · ‎07-07-2011

Thank you for the reply. Can you send a link on where to download the IME Server?