03-06-2012 11:04 PM - edited 03-10-2019 05:38 AM
How to configure syslog on the following IPS module?
I need to send logs from this sensor
Platform: ASA-SSM-10
Build Version: 7.0(4)E4
Os Version: 2.4.30-IDS-smp-bigphys
Can anybody advise me on this?
Regards,
Rohit
03-07-2012 01:33 AM
Do you need the syslogs to be sent, or the events?
IPS sensors do not support syslog forwarding. Syslog is fairly restrictive in size of messages and is not secure or reliable.
The sensor does support sending of events using SNMP (again with the same sets of restrictions: not full data, clear text, not reliable).
There is a physical ability to send events as traps. It isn't recommended for many reasons (or let's say it isn't recommended in the same way that monitoring using SDEE is). SNMP trap receivers generally aren't built to handle, say, 200 events per second per device. The sensor isn't capable of sending at the same event rate as it is with SDEE. The traps are in clear text and are not reliably sent. They don't contain the same amount of info as an SDEE event, and can't.
If you need the events to be sent to a database, you can run Cisco IME, which can collect all the events generated by the IPS.
Hope this helps.
Sachin
07-10-2014 03:56 AM
Hi Sachin,
Can you confirm, is this still valid?
IPS sensors do not support syslog forwarding