04-21-2014 05:09 AM - edited 03-11-2019 09:06 PM
We have a Cisco ASA 5585 with a separate module for IPS. I want to know what the options are for configuring syslog. It's nearly impossible to find, and there are some forums on the internet which say that Cisco IPS stores logs in a native / proprietary format and they cannot be exported.
Please elaborate
Thanks.
04-21-2014 06:54 AM
Some sensor-related events generate syslog messages. Those will be forwarded according to the parent ASA syslog settings.
Detailed IPS events (signature triggers actions etc.) are stored locally and must be retrieved using the SDEE protocol (TCP-based). That requires use of a management system like Cisco Security Manager (CSM), IPS Manager Express (IME), etc. There is a good document here that explains SDEE in more detail.
09-19-2014 02:42 PM
Hi Marvin,
Do you know which sensor-related events generate syslog messages?
I have a few other questions in regards to IME and such if you are interested:
https://supportforums.cisco.com/discussion/12306116/cisco-ips-logging-options-sdee-ime-archiving
Thanks in advance