Cisco IPS SDEE - Logs

Hi,

We have a Cisco IPS module in ASA which supports SDEE. I would like to know if we can get the logs for configuration changes, user account creations, etc. using SDEE. Splunk is used to get the SDEE events and we are receiving only the intrusions and vulnerabilities. Cisco IPS Manager Express is showing the user creation logs but it doesn't come in Splunk. Any help would be really appreciated.

 

Regards

Sajin

 

1 Reply

m.kafka
Level 4

SDEE is designed to notify *only* about IDS/IPS events. Administrative accounting can be done via syslog and/or AAA.
