Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1409
Views
0
Helpful
6
Replies

IPS Aplication-log

pemasirid
Level 1
Level 1

‎07-02-2012 02:54 PM - edited ‎03-10-2019 05:43 AM

Hi,

One of our IPS (4260) showing Applicaiton-log 96%, I just need to know where these logs are saved and how to backup these logs.?

Also I want to know where is the event logs are saved and is there a way to backup these logs as well?.

Appreciate if someone can advise me on the above please.

thanks

Labels:
0 Helpful
6 Replies 6

sawgupta
Level 1
Level 1

‎07-05-2012 10:06 PM

These are maintained by the IPS device itself in a circular buffer in RAM disk partition.

Once the event partition is full, it will start to overwrite over the oldest event.

You can use some tool which supports SDEE subscription and retrieve the events regularly from the device.

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
0 Helpful

pemasirid
Level 1
Level 1
In response to sawgupta

‎07-07-2012 02:39 AM

Hi Sawan,

Thanks for your time and response to this post. I still have some clarification on this and appreciate if you can advise or provide and url/documents;

-  is there's any possibility to delete those files and how.

-  if we have SDEE support tools how can we configured to backup those logs to a server..

-  if the sensor rebooted will the above logs be deleted.

- i have seen IPS signature has an option send syslog traps, but general acceptance is to that IPS events doesnt support syslog traps, in that case I'm wondering why there's an option in the signature has for syslog.?.

Appreciate if you can clarify the above please.

thanks in advance.

0 Helpful

sawgupta
Level 1
Level 1
In response to pemasirid

‎07-07-2012 03:49 AM

Hi,

There is no way or benefit in deleting those files. Since it is a permanent circular buffer.

Regarding SDEE, it is enabled by default. IME can be configured to retreive all the events.

https://supportforums.cisco.com/docs/DOC-12515

The opton under signature action is for SNMP traps.

For exporting system logs to syslog server:

https://techzone.cisco.com/t5/Intrusion-Preventions-Systems/Exporting-IPS-System-logs-Not-Events-to-a-Sylog-server/ta-p/30683

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
0 Helpful

joedansereau
Level 1
Level 1
In response to sawgupta

‎08-03-2012 12:12 PM

Sawan,

I have the same requirement of IPS logging to syslog but on a 4215 running on 6.0.6 E4. how do I get to this link you supplied?

https://techzone.cisco.com/t5/Intrusion-Preventions-Systems/Exporting-IPS-System-logs-Not-Events-to-a-Sylog-server/ta-p/30683

thanks,

Joe

0 Helpful

sawgupta
Level 1
Level 1
In response to joedansereau

‎08-03-2012 07:14 PM

Here are the manual steps:

- Login with service account

- Use command "/sbin/syslogd -m 0 -R "

- or add this in /etc/inittab

null::sysinit:/sbin/syslogd -m 0 -R

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
0 Helpful

joedansereau
Level 1
Level 1
In response to sawgupta

‎08-06-2012 07:52 AM

Sawan,

will this send Status and Error events also or only send IPS Alert events configured with the send to syslog option configured on the signature?

Thanks,

Joe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card