cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
567
Views
0
Helpful
2
Replies

Getting log data out of IPS 4240

Kevin Melton
Level 2
Level 2

We installed an IPS 4240 on our Customers Network a few months ago. We had great expectations for it during the installation, thinking that it would be alerting us to potentially suspicious activity any time any potential intruder tried to do anything suspicious on our network.

We can see where to device is useful with respect to seeing bogus signatures and then logging some data (capturing frames) in its IP Logging Feature.

It is also useful in its "Events" tab as one can drill down to specific time periods...

But what I really want is for it to:

1) Send syslog data to our Log Collection host, and 2) Send Alerts when these suspicious activities are detected so that an IT Admin knows what is going on and can react to them...

Is there a way to configure this?

2 Replies 2

mchin345
Level 6
Level 6

review the sensor config, interface setup, running config etc.

mhellman
Level 7
Level 7

You probably should have looked into this before purchasing a 4240;-)

Cisco IDS/IPS sensor appliances do not currently support sending alerts via syslog or SNMP traps. Events are generally collected from Cisco IDS/IPS sensors using RDEP or SDEE. Here's a perl module that might work (I've never used):

http://search.cpan.org/~jminieri/Net-SDEE-0.01/lib/Net/SDEE.pm

Review Cisco Networking for a $25 gift card