03-08-2011 01:30 AM - edited 03-10-2019 05:17 AM
I am looking for the commands to configure an IPS 4240-K9 to send its log files to a syslog server. If anybody has come across a similar issue, please advise.
Thanks in advance.
03-08-2011 08:03 AM
Ali -
I am sorry to tell you, but the Cisco IPS Sensors do not send Syslog messages. Your only options for sending signature event information are:
SDEE (a TLS-encrypted, XML-formatted message): the sensor is the SDEE host and your event receiver (MARS, IME, Intellitactics, etc.) is the client.
SNMP traps: you need to set the "Action" on each signature for which you want the sensor to send a trap.
- Bob
03-08-2011 10:55 AM
Syslog uses UDP. SDEE uses TCP.
Use IME for MARS for event retrieval of IPS.
Otherwise, you can use an SDEE server.
Please check my document for further information: https://supportforums.cisco.com/docs/DOC-12515
- Sid
03-09-2011 12:23 AM
I am running Kiwi Syslog Server, which receives the logs from the devices on which the Kiwi Syslog Server IP has been configured. Since the IPS does not support syslog and Kiwi does not support the SDEE protocol, I am looking for an SDEE server which I can configure to receive the IDS logs and send them to Kiwi syslog.
Your support is highly appreciated,
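
The relay asked for in the last post, shown as an added example that is not part of the thread or of any Cisco tool: it turns alerts already pulled from the sensor as XML into RFC 3164 syslog lines and sends them over UDP to a collector such as Kiwi. The XML layout is a simplified, constructed stand-in rather than the real SDEE schema, and the severity mapping, the local4 facility and the `ips-relay` tag are assumptions.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample input: a simplified stand-in, NOT the real SDEE schema.
SAMPLE_EVENTS = """<events>
  <alert severity="high" sensor="ips-4240" time="Mar  9 00:23:10">
    <signature id="9001" description="Constructed signature A"/>
    <attacker addr="192.0.2.10"/><target addr="198.51.100.5"/>
  </alert>
  <alert severity="informational" sensor="ips-4240" time="Mar  9 00:23:12">
    <signature id="9002" description="Constructed&#10;signature B"/>
    <attacker addr="192.0.2.77"/><target addr="198.51.100.9"/>
  </alert>
</events>"""

FACILITY_LOCAL4 = 20  # assumption: any facility the collector filters on works
# Assumed mapping from IPS alert severity to syslog severity (0-7).
SEVERITY_MAP = {"high": 2, "medium": 4, "low": 5, "informational": 6}

def clean(value):
    """Replace control characters so event data cannot inject extra log lines."""
    return "".join(c if c.isprintable() else " " for c in str(value or "-"))

def to_syslog(alert):
    """Build one RFC 3164 line: <PRI>TIMESTAMP HOSTNAME TAG: MSG."""
    pri = FACILITY_LOCAL4 * 8 + SEVERITY_MAP.get(alert.get("severity"), 5)
    sig = alert.find("signature")
    sig_id, desc = clean(sig.get("id")), clean(sig.get("description"))
    src = clean(alert.find("attacker").get("addr"))
    dst = clean(alert.find("target").get("addr"))
    header = f"<{pri}>{clean(alert.get('time'))} {clean(alert.get('sensor'))}"
    return f"{header} ips-relay: sig={sig_id} desc='{desc}' src={src} dst={dst}"

def convert(xml_text):
    """Parse the event document and return one syslog line per alert."""
    return [to_syslog(a) for a in ET.fromstring(xml_text).iter("alert")]

def send(lines, host, port=514):
    """Send each line as its own UDP datagram, capped at 1024 bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode("utf-8")[:1024], (host, port))

if __name__ == "__main__":
    for line in convert(SAMPLE_EVENTS):
        print(line)
    # send(convert(SAMPLE_EVENTS), "192.0.2.50")  # constructed collector address
```

Syslog over UDP is unencrypted and unacknowledged, so the relay should sit on the same trusted segment as the collector; the TLS protection SDEE gives ends at the relay.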