06-30-2011 02:29 PM - edited 03-10-2019 05:23 AM
Hello, I have an ASA 5510 with an AIP-SSM installed. The question is, will the IDM store the logs from the IPS module even when it is closed, or does it have to stay open? Also, if either one loses power, are the logs lost and will they start back automatically? If not, how can I make this happen for PCI compliance purposes?
07-01-2011 12:37 PM
Hi,
The IDM will not store logs or events. You have to enable external syslog, or you can use Cisco IPS Manager Express (IME).
Rajeswar.
07-02-2011 12:16 AM
Rajeswar,
I didn't think syslog was supported for AIP SSM? You might clarify this please?
Tks
07-05-2011 08:40 AM
You are correct, none of the Cisco IPS Sensors support Syslog for transmitting signature events.
The original poster of this thread asked about the event "logs" and I was trying to answer his question using his terminology.
- Bob
07-01-2011 12:54 PM
If by "logs" you mean the signature events the IPS Sensor generates, then the answer is mostly yes.
The Sensor has a circular buffer for event storage. It will keep these events until they are overwritten.
How quickly they are overwritten is a factor of buffer size, event size, packet capture options, etc. (there was a forum thread on this very topic you can search for).
If you are concerned about keeping event logs, you can install the free IME server and pull events from the sensor. If you are REALLY concerned about getting event logs you can stand up two IME servers (they will cost you some sensor overhead though) and keep them on your host, instead of your sensor. Each sensor can support up to 5 devices (I think) pulling events.
- Bob
07-07-2011 08:31 AM
Thank you for the reply. Can you send a link on where to download the IME Server?