Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1047
Views
5
Helpful
4
Replies

how to get IDSM-2 log file

Go to solution
Gongyuan Yao
Level 1
Level 1

‎09-29-2009 06:57 AM - edited ‎03-10-2019 04:46 AM

Hi, we have IDSM-2 installed in cat 6500 system. Anyone knows how to get IDSM-2 syslog file? and how to config it to send log to syslog server? I know these two questions are pretty simple, but I have not found answers yet.

Any help would be greatly appreciated.

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
tsippa005
Level 1
Level 1

‎09-29-2009 11:27 PM

U can get events from IDSM in SDEE format. Use IPS Manager or another tool to collect these logs.

View solution in original post

0 Helpful

Go to solution
rhermes
Level 7
Level 7
In response to tsippa005

‎09-30-2009 08:26 AM

To expand on what tsippa said, the Cisco IPS sensors do not have a syslog output. the standard way to get events off the sensor is via an SDEE feed. You can also set each signature to issue an SNMP trap when they fire, but this must be done on a signature by signature basis.

View solution in original post

0 Helpful

Go to solution
andrey.dugin
Level 1
Level 1
In response to rhermes

‎10-16-2009 06:00 AM

Using traps is possible, but per-signature basis is not one way. You may use event action overrides to activate traps on all signatures or according to risk rating.

View solution in original post

4 Replies 4

Go to solution
tsippa005
Level 1
Level 1

‎09-29-2009 11:27 PM

U can get events from IDSM in SDEE format. Use IPS Manager or another tool to collect these logs.

0 Helpful

Go to solution
rhermes
Level 7
Level 7
In response to tsippa005

‎09-30-2009 08:26 AM

To expand on what tsippa said, the Cisco IPS sensors do not have a syslog output. the standard way to get events off the sensor is via an SDEE feed. You can also set each signature to issue an SNMP trap when they fire, but this must be done on a signature by signature basis.

0 Helpful

Go to solution
andrey.dugin
Level 1
Level 1
In response to rhermes

‎10-16-2009 06:00 AM

Using traps is possible, but per-signature basis is not one way. You may use event action overrides to activate traps on all signatures or according to risk rating.

Go to solution
Gongyuan Yao
Level 1
Level 1
In response to andrey.dugin

‎10-20-2009 05:10 AM

Thanks a lot for all of the great help.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card