Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
758
Views
0
Helpful
4
Replies

IOS-IPS alarm reporting tool

g.rodegari
Level 1
Level 1

‎01-10-2005 06:48 AM - edited ‎03-10-2019 01:13 AM

Hi,

I'd like to employ 5-6 end point routers with embedded IPS.

I do not have the opportunity to employ VMS o CSIMS.

To configure these, then, I'll use the SDM.

Instead, for the alarm reporting:

- If I configure the communication with the old post-office protocol, I think that I can use the IEV software

- If I use the new SDEE communication protocol, what can I use to collect and report the allarms?

Thanks,

Kind regards,

G.

Labels:
0 Helpful
4 Replies 4

marcabal
Cisco Employee
Cisco Employee

‎01-10-2005 09:09 AM

I don't think the old post-office protocol will work with the newer IPS features of the router.

(The documentation says it was deprecated)

To use SDEE you will need to use a viewer that supports SDEE.

The Cisco options include:

Security Monitor (part of VMS, latest release includes SDEE support)

Cisco Works SIMS (an OEM from NetForensics - I am not positive that it supports SDEE yet)

Protego PN-MARS (Protego is being bought by Cisco - I know they have SDEE support, but not sure if it is in their released version)

Unfortunately there is not a simple no-additional-cost viewer (like IEV) that supports SDEE.

Another alternative you may want to consider is to use syslog. The router can send the alerts as syslog events.

There are many free syslog viewers available for download on the Internet.

0 Helpful

g.rodegari
Level 1
Level 1
In response to marcabal

‎01-11-2005 12:32 AM

Thank you very much,

Thenn I think to use syslog... VMS or SIMMS are too complex and expensive for only few routers...

Bye,

G.

0 Helpful

iterrell
Level 1
Level 1
In response to marcabal

‎03-10-2005 08:03 AM

> Another alternative you may want to consider is to use syslog.

Is syslog event reporting possible for dedicated IDS sensors too? We have many sensors (mostly 4235 model), and maintaining user accounts on every sensor AND for every sensor on every event receiving device is going to be a total nightmare.

Thanks...

0 Helpful

marcabal
Cisco Employee
Cisco Employee
In response to iterrell

‎03-10-2005 03:01 PM

No

The sensor Appliances and Modules do not currently support creating syslogs for alerts.

The sensor Appliances and Modules with version 5.0 do support sending events as SNMP traps, but I am not sure if the IPS feature on IOS routers support SNMP traps for the alerts.

A dedicated management tool like VMS (Security Monitor), NetForensics (CW SIMS), or Protego (PNMARS) is really the way to go.

But as you know it does mean managing the user accounts.

My suggestion is to use a consistent user account with a consistent password on all of the sensors.

You would create that account and setup the password on the initial setup of each sensor.

Marco

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card