04-05-2011 11:54 PM - edited 03-10-2019 05:19 AM
Hi all,
A few queries on Cisco IPS:
1. Which are the best tools for fetching Cisco IPS logs?
2. Where, or in which directory, are Cisco logs/events saved?
3. I am only able to see today's log and am not able to view any past logs. What are the possible causes?
4. Is there any freeware tool that fetches logs and events from Cisco IPS?
5. Is Cisco IPS Express Manager freeware, or do we need only a Cisco customer account?
Thanks for any type of help.
Jignesh
04-09-2011 08:13 PM
1. You can use IME (IPS Manager Express) to view all your IPS events.
Here is the IME page for your reference:
http://www.cisco.com/en/US/products/ps9610/index.html
2. The logs on the IPS device itself have very small storage space and wrap once the log is full; therefore, if you have a lot of events triggered, you are only able to see the latest events.
3. As per my above description.
4. Cisco IME - it's free (no extra license is required to use IME).
5. As long as you have a CCO account, you should be able to download the IME software.
Hope this helps.
04-14-2011 10:57 AM
Good info, Jennifer.
I'd like to take this question one step further and ask how to send syslog to a remote server? I see /sbin/syslogd, but am not seeing the syslog.conf. This is huge -- a must for me.
Thanks.
04-14-2011 10:58 PM
Hi Jeni or all,
Thanks for the reply. Is there a better way, any mechanism by which I can send all events directly to my syslog-ng server from the IPS?
Jignesh
04-14-2011 11:03 PM
Great, thanks for the update.
Please kindly mark the post as answered so others can learn from your post. Thank you.
04-14-2011 11:42 PM
Hi Jenni,
Any idea on the syslog-ng question? I want to send all events directly to syslog-ng for IPS.
04-17-2011 12:06 AM
Unfortunately IPS events can't be logged as syslog messages.
IPS events are logged as SDEE described on the following:
06-11-2013 12:10 AM
Hi Jennifer,
Thanks for the details.
Would it be possible to get user login information (with login failed/success status) from Cisco IPS IME?
Kind regards
10-19-2011 04:17 PM
Hi Jennifer,
In case I use IME for IPS events storing and analysing, if IPS cannot communicate with this tool (lose connectivity), is there any mechanism on IPS to temporarily store events in local buffer until the connectivity is restored? (IPS will send events to IME again when the connectivity is restored).