cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
751
Views
0
Helpful
1
Replies

AIP-SSM logs

Madhan Kumar
Level 1
Level 1

Hi all,

Can We get the logs generated by the IPS module. My customer is going for Auditing and thus he wants logs generated by the AIP-SSM. Kindly Let me know how to do it.

Thanks & Regards

R.MADHANKUMAR

1 Accepted Solution

Accepted Solutions

rhermes
Level 7
Level 7

When you say logs, I will assume you are talking about the Signature Events generated by your AIP-SSM.

These events are accessible on the sensor in a circular buffer. You can see them in the CLI with the "show events alerts past hh:mm" command, but once that buffer wraps the old events will be overwritten. Exporting events off the sensor is only allowed via a protocol called SDEE. Only a few devices talk this protocol. If you are running a copy of IPS Manager Express (IME, it's free for a few devices) to manage your sensors, you can export the events to HTML or CSV In the Event Monitoring Tab, select Other > Save "save as HTML or CSV.

- Bob

View solution in original post

1 Reply 1

rhermes
Level 7
Level 7

When you say logs, I will assume you are talking about the Signature Events generated by your AIP-SSM.

These events are accessible on the sensor in a circular buffer. You can see them in the CLI with the "show events alerts past hh:mm" command, but once that buffer wraps the old events will be overwritten. Exporting events off the sensor is only allowed via a protocol called SDEE. Only a few devices talk this protocol. If you are running a copy of IPS Manager Express (IME, it's free for a few devices) to manage your sensors, you can export the events to HTML or CSV In the Event Monitoring Tab, select Other > Save "save as HTML or CSV.

- Bob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: