05-06-2008 06:41 AM - edited 03-10-2019 04:05 AM
We installed an IPS 4240 on our customer's network a few months ago. We had great expectations for it during the installation, thinking that it would be alerting us to potentially suspicious activity any time any potential intruder tried to do anything suspicious on our network.
We can see where the device is useful with respect to seeing bogus signatures and then logging some data (capturing frames) in its IP Logging Feature.
It is also useful in its "Events" tab as one can drill down to specific time periods...
But what I really want is for it to:
1) Send syslog data to our Log Collection host, and 2) Send Alerts when these suspicious activities are detected so that an IT Admin knows what is going on and can react to them...
Is there a way to configure this?
05-12-2008 09:02 AM
Review the sensor config, interface setup, running config, etc.
05-12-2008 11:08 AM
You probably should have looked into this before purchasing a 4240;-)
Cisco IDS/IPS sensor appliances do not currently support sending alerts via syslog or SNMP traps. Events are generally collected from Cisco IDS/IPS sensors using RDEP or SDEE. Here's a Perl module that might work (I've never used it):
http://search.cpan.org/~jminieri/Net-SDEE-0.01/lib/Net/SDEE.pm
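Since the sensor is polled rather than pushing syslog, a small bridge can turn pulled alerts into syslog lines for the log collection host. The following is an added example, not code from this thread or from Cisco: it assumes the alert XML has already been fetched by an SDEE client, and the sample document, its element names, the `urn:example:sdee` namespace, the severity mapping, the local4 facility and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified SDEE-style alerts; element names are assumptions.
SAMPLE = """<events xmlns:sd="urn:example:sdee">
 <sd:evIdsAlert eventId="1001" severity="high">
  <sd:originator><sd:hostId>sensor1</sd:hostId></sd:originator>
  <sd:signature id="2004" description="ICMP Echo Request"/>
  <sd:participants><sd:attacker><sd:addr>192.0.2.10</sd:addr></sd:attacker>
   <sd:target><sd:addr>198.51.100.5</sd:addr></sd:target></sd:participants>
 </sd:evIdsAlert>
 <sd:evIdsAlert eventId="1002" severity="informational">
  <sd:signature id="3030" description="TCP SYN&#10;Host Sweep"/>
 </sd:evIdsAlert>
</events>"""

SEVERITY = {"high": 2, "medium": 4, "low": 5, "informational": 6}  # assumed mapping
FACILITY = 20  # local4; pick whatever the collector expects

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace

def text_at(elem, *path):
    # Walk child elements by local name; "-" marks a missing field.
    for name in path:
        elem = next((c for c in elem if local(c.tag) == name), None)
        if elem is None:
            return "-"
    return (elem.text or "-").strip()

def clean(value):
    # Event text is attacker-influenced: strip control characters and quotes
    # so one alert cannot forge extra syslog lines or fields.
    return "".join(c if c.isprintable() and c != '"' else " " for c in value)

def alerts_to_syslog(xml_text):
    lines = []
    for ev in ET.fromstring(xml_text).iter():
        if local(ev.tag) != "evIdsAlert":
            continue
        sig = next((c for c in ev if local(c.tag) == "signature"), None)
        sig = sig.attrib if sig is not None else {}
        pri = FACILITY * 8 + SEVERITY.get(ev.get("severity"), 5)  # syslog PRI value
        fields = (ev.get("eventId", "-"), ev.get("severity", "-"), sig.get("id", "-"),
                  sig.get("description", "-"),
                  text_at(ev, "participants", "attacker", "addr"),
                  text_at(ev, "participants", "target", "addr"))
        msg = 'ips-alert: id=%s sev=%s sig=%s desc="%s" src=%s dst=%s' % tuple(map(clean, fields))
        lines.append("<%d>%s %s" % (pri, clean(text_at(ev, "originator", "hostId")), msg))
    return lines
```

Each returned line can be sent as one UDP datagram to the collector; the lines carry no timestamp, so the collector stamps them on receipt.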