
AIP-SSM logs

Hi all,

Can we get the logs generated by the IPS module? My customer is going for auditing and thus he wants logs generated by the AIP-SSM. Kindly let me know how to do it.

Thanks & Regards

R.MADHANKUMAR

Accepted Solutions

Re: AIP-SSM logs

When you say logs, I will assume you are talking about the Signature Events generated by your AIP-SSM.

These events are accessible on the sensor in a circular buffer. You can see them in the CLI with the "show events alerts past hh:mm" command, but once that buffer wraps, the old events will be overwritten. Exporting events off the sensor is only allowed via a protocol called SDEE. Only a few devices talk this protocol. If you are running a copy of IPS Manager Express (IME, it's free for a few devices) to manage your sensors, you can export the events to HTML or CSV. In the Event Monitoring tab, select Other > Save "save as HTML or CSV".

- Bob
