Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
0
Helpful
3
Replies

IDSM Logging to Kiwi

Go to solution
MBrooksAirIT
Level 1
Level 1

‎09-13-2011 04:52 PM - edited ‎03-10-2019 05:28 AM

This may be a very naive question, if so it will certainly match my knowledge level! Can log messages be sent to a Kiwi Syslog Server? If so, how to configure?

Many thanx

-michael

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rhermes
Level 7
Level 7
In response to MBrooksAirIT

‎09-14-2011 08:24 AM

Michael -

Unfortunately, no. Kiwi is a syslog server and none of the Cisco IPS sensors support syslog to send event messages.

If you only have a few sensors, grab a copy of the free IDM. It will pull events off IPS sensors via a secure protocol (SDEE)

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_getting_started.html

Alternately, you can go in and tune the "action" of each signature you want an event send to transmit them via an SMNP Trap. This is a less secure way of sending events and you will have to keep up your action tuning as new signatures are added to your sensors over time.

- Bob

View solution in original post

0 Helpful
3 Replies 3

Go to solution
MBrooksAirIT
Level 1
Level 1

‎09-13-2011 04:54 PM

By the way, this is an IDSM-2 (WS-SVC-IDSM-2)

Thanx

0 Helpful

Go to solution
rhermes
Level 7
Level 7
In response to MBrooksAirIT

‎09-14-2011 08:24 AM

Michael -

Unfortunately, no. Kiwi is a syslog server and none of the Cisco IPS sensors support syslog to send event messages.

If you only have a few sensors, grab a copy of the free IDM. It will pull events off IPS sensors via a secure protocol (SDEE)

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_getting_started.html

Alternately, you can go in and tune the "action" of each signature you want an event send to transmit them via an SMNP Trap. This is a less secure way of sending events and you will have to keep up your action tuning as new signatures are added to your sensors over time.

- Bob

0 Helpful

Go to solution
MBrooksAirIT
Level 1
Level 1
In response to rhermes

‎10-17-2011 06:10 PM

Thanx Bob. Did as you suggested, nice tool.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card