08-17-2008 10:17 PM - edited 03-10-2019 04:15 AM
Is it possible to copy the IPS event log files to a server from a Cisco IPS 4215 device?
08-18-2008 08:13 AM
Assuming you want to be able to look thru the events and find somthing of intrest at a later date: if you have 5 or less sensors, try using the free Cisco Manager Express
http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ime
If you have more than 5 sensors, you're looking for a SIM like Cisco's CS-MARS, Netforesenics, Intelitactics, etc...
01-26-2010 09:00 AM
Hi Guys I would Really appreciate If someone can help me in finding out
How I can backup my previous Logs from IME
01-27-2010 11:58 AM
You might find that IME>File>Export would work well for you. Unlike IME's embeded Event Monitoring tool's limitation of the last 999 hours, the export can export data going well beyond that. I'm not sure if Cisco has a limit to IME's data retention, or will insitiute a limit in IME. My export takes me back to what I believe is the date I installed the software, June 2008. (unix dates, BTW).
The version of IME I use is 6.2.1. Hopefully the same capability remains in future versions of IME.
01-28-2010 02:24 AM
thanks for the Reply ,
If i will export data from IME for December , after export would it delete from database ?
As i have exported data for December Period , But I DB size is same , and When i serach Any event from DEcember time frame , I can see events , I am actually wondering , IF after export data dont get exported then eventually My Db size is huge ?
01-28-2010 08:36 AM
I have performed the export multiple times and I still see 2008 data in it. So, it may not be removing anything.
If there is a size/date limit to IME's locally retained data, I do not know what it would be. Maybe someone from Cisco can address this authoritatively.
01-29-2010 03:11 AM
Thanks ,
Let me discuss with one of My Supplier , Because as far as i have serached I have not fine any published document from Cisco about IME in detail
02-01-2010 07:33 AM
thanks for replying
Have you ever experienced , that if you close IME application it dont collect logs for that specific time interval and then When you run the appliaction , it cannot get thopse alarams from IPS ,
I hope you understand what I mean ...
MY ime stop responsing on Friday night and when on Monday Morning I try to pull report from IME , It cannot reterive Data .... What I belive It should be able to reterive it as that Data Should be stored on IPS buffers ... ??? when i try to check events from lat 72 Hurs i can see very less events from Sat and sunday date , howveer they are very low triggered alarms as compared to proviouse weekend days
what you suggest
02-03-2010 04:12 AM
The events processing is done by the service at the end. If the IME console is closed, the service should keep running (under normal operation).
There is a bug in IME that causes it to shutdown its service everytime you logoff from your machine, maybe this is the bug you are hitting.
Exporting the events should not delete them from the database.
Also the new IME supports upto 10 IPS devices, not just 5.
Please rate if helpful.
Regards
Farrukh
02-03-2010 06:35 AM
Thanks Haroon, It was helpful ,
So is there any way to decrease the size of Database (because I see Lot of files in the Data Folder , but i am unable to findout how they increment , Because there is not specific pattern like if one file come to that specific size , or it increment after 1 week),
Secondly , Is there any workaround to sort this stop services ... bug , When ever i close IME it dosent record data for that specific time interval.
Regards
02-05-2010 11:43 PM
I'm sorry but I don't think Cisco publically release any internal of the database. It would be better if you open a case for this or have someone from Cisco comment at this.
I would expect the service down issue to be solved in a future release, because it is a major pain.
Regards
Farrukh
02-08-2010 03:33 AM
Thanks
Well I tried Copying SQL data folder and it worked with NEW installation .... I can Extract the Information in those dates
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide