01-10-2005 06:48 AM - edited 03-10-2019 01:13 AM
Hi,
I'd like to employ 5-6 end point routers with embedded IPS.
I do not have the opportunity to employ VMS or CSIMS.
To configure these, then, I'll use the SDM.
Instead, for the alarm reporting:
- If I configure the communication with the old post-office protocol, I think that I can use the IEV software
- If I use the new SDEE communication protocol, what can I use to collect and report the alarms?
Thanks,
Kind regards,
G.
01-10-2005 09:09 AM
I don't think the old post-office protocol will work with the newer IPS features of the router.
(The documentation says it was deprecated)
To use SDEE you will need to use a viewer that supports SDEE.
The Cisco options include:
- Security Monitor (part of VMS, latest release includes SDEE support)
- Cisco Works SIMS (an OEM from NetForensics - I am not positive that it supports SDEE yet)
- Protego PN-MARS (Protego is being bought by Cisco - I know they have SDEE support, but not sure if it is in their released version)
Unfortunately there is not a simple no-additional-cost viewer (like IEV) that supports SDEE.
Another alternative you may want to consider is to use syslog. The router can send the alerts as syslog events.
There are many free syslog viewers available for download on the Internet.
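Added example, not part of the original reply: a small Python parser that picks IPS signature alerts out of collected router syslog lines and counts them per signature and source address. The `%IPS-4-SIGNATURE` message layout in the pattern is an assumption about what the router emits, and the sample lines, signature ids and names are constructed.

```python
import re
from collections import Counter

# Assumed layout of an IOS IPS alert delivered over syslog; adjust the
# pattern to match what your routers actually send.
ALERT_RE = re.compile(
    r"%IPS-(?P<level>\d)-SIGNATURE:\s*Sig:(?P<sig>\d+)\s+Subsig:(?P<subsig>\d+)\s+"
    r"Sev:(?P<sev>\d+)\s+(?P<name>.+?)\s+"
    r"\[(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)\]"
)
PRI_RE = re.compile(r"^<(\d{1,3})>")  # syslog PRI header = facility * 8 + severity

def parse_alert(line):
    """Return a dict for an IPS signature alert, or None for any other syslog line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    for key in ("level", "sig", "subsig", "sev", "sport", "dport"):
        alert[key] = int(alert[key])
    pri = PRI_RE.match(line)
    alert["facility"] = int(pri.group(1)) >> 3 if pri else None
    return alert

def summarize(lines):
    """Count alerts per (signature id, name, source address), most frequent first."""
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert:
            counts[(alert["sig"], alert["name"], alert["src"])] += 1
    return counts.most_common()

# Constructed sample lines using documentation addresses, not real router output.
SAMPLE = [
    "<188>45: *Jan 10 09:15:02.123: %IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:2 ICMP Echo Req [192.0.2.10:0 -> 198.51.100.5:0]",
    "<188>46: *Jan 10 09:15:03.456: %IPS-4-SIGNATURE: Sig:2004 Subsig:0 Sev:2 ICMP Echo Req [192.0.2.10:0 -> 198.51.100.6:0]",
    "<189>47: *Jan 10 09:15:04.000: %SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.1)",
    "<188>48: *Jan 10 09:16:10.789: %IPS-4-SIGNATURE: Sig:3040 Subsig:0 Sev:4 TCP NULL Packet [203.0.113.7:1042 -> 198.51.100.5:80]",
]

if __name__ == "__main__":
    for (sig, name, src), n in summarize(SAMPLE):
        print(f"{n:3d}  sig {sig:<5} {name:<20} from {src}")
```

Non-IPS lines such as the configuration message are skipped, so the same function can be pointed at a mixed syslog file from several routers.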
01-11-2005 12:32 AM
Thank you very much,
Then I think to use syslog... VMS or SIMMS are too complex and expensive for only a few routers...
Bye,
G.
03-10-2005 08:03 AM
> Another alternative you may want to consider is to use syslog.
Is syslog event reporting possible for dedicated IDS sensors too? We have many sensors (mostly 4235 model), and maintaining user accounts on every sensor AND for every sensor on every event receiving device is going to be a total nightmare.
Thanks...
03-10-2005 03:01 PM
No
The sensor Appliances and Modules do not currently support creating syslogs for alerts.
The sensor Appliances and Modules with version 5.0 do support sending events as SNMP traps, but I am not sure if the IPS feature on IOS routers supports SNMP traps for the alerts.
A dedicated management tool like VMS (Security Monitor), NetForensics (CW SIMS), or Protego (PNMARS) is really the way to go.
But as you know it does mean managing the user accounts.
My suggestion is to use a consistent user account with a consistent password on all of the sensors.
You would create that account and set up the password on the initial setup of each sensor.
Marco