SIMS

antonios
Level 1

Hi,

I was wondering if anyone with some SIMS experience could assist.

I have taken a look at all of the administration and configuration guides available for SIMS on the web and I have found them a bit unclear.

Does anyone perhaps have some additional material that they could share that would assist in the install?

My second question is regarding the collection of the logging information coming off the PIX firewall IDS and network appliance IDS. Does one simply configure the SIMS server as a destination for syslog messages?

I see that there are agents, what are these agents for?

Any assistance would be greatly appreciated.

Many thanks

Tony

1 Reply

g.kwait
Level 1

Tony,

We just recently purchased the SIMS product. We are still waiting to deploy it, however, I have some info you may find useful as we have a demo installed currently.

The SIMS product is a direct re-sale of netForensics. I recommend checking out their site, netforensics.com. Regarding your second question.

First, the SIMS product is completely modular, check netForensics' site for more specifics. Basically you will have several components, a database server, an agent server, and a couple other servers. Now keep in mind depending on your config, these can all be on one physical box. We are splitting the agent server and the database server. The agent server runs some software that pretty much normalizes the events coming in from different devices, and then sends them off to the dB server. So the answer to your question is Yes, you will send your syslogs, or whatever type of logs to the "Agent Server."

Now from working with the product. The interface is great. It is all Java, which I have to admit I was leery about, but they seem to have done an excellent job with it. The GUI is easy to work with. You are presented with a "desktop" that has a similar look and feel to a Linux desktop.

I would recommend getting with your Cisco rep, and have them get the netForensics folks out there to install and work with you on a proof of concept.

If you have any other questions please feel free to contact me, and I can get you in touch with my rep at netForensics.