jignesh.darji
Beginner

IPS log and monitoring

Hi, All


A few queries on Cisco IPS!

1. Which is the best tool for fetching Cisco IPS logs?

2. Where, or in which directory, are Cisco logs/events saved?

3. I am only able to see today's log but am not able to view any past logs. What are the possible causes?

4. Is there any freeware tool that fetches logs and events from Cisco IPS?

5. Is Cisco IPS Express Manager freeware, or do we need only a Cisco customer account?


Thanks for any type of help.



Jignesh

2 ACCEPTED SOLUTIONS

Jennifer Halim
Cisco Employee

1. You can use IME (IPS Manager Express) to view all your IPS events.

Here is the IME page for your reference:

http://www.cisco.com/en/US/products/ps9610/index.html

2. The logs on the IPS device itself have very small storage space and wrap once the log is full; therefore, if you have a lot of events triggered, you are only able to see the latest events.

3. As per my above description.

4. Cisco IME - it's free (no extra license is required to use IME).

5. As long as you have a CCO account, you should be able to download the IME software.

Hope this helps.


Good info, Jennifer.

I'd like to take this question one step further and ask how to send syslog to a remote server?  I see /sbin/syslogd, but am not seeing the syslog.conf.  This is huge -- a must for me.

Thanks.

Mark


8 REPLIES

Hi, Jeni or All

Thanks for the reply. Better still, is there any mechanism by which I can send all events directly from the IPS to my syslog-ng server?

Jignesh

Great, thanks for the update.

Please kindly mark the post as answered so others can learn from your post. Thank you.

Hi, Jenni

Any idea about the syslog-ng question? I want to send all IPS events directly to syslog-ng.

Unfortunately IPS events can't be logged as syslog messages.

IPS events are logged as SDEE, as described at the following:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_system_architecture7.html#wp1012014

Hi Jennifer,

Thanks for details.

Would it be possible to get user login information (with login failed/success status) from Cisco IPS IME?

Kind Regards

ntawork68
Beginner

Hi Jennifer,

In case I use IME for storing and analysing IPS events, if the IPS cannot communicate with this tool (loses connectivity), is there any mechanism on the IPS to temporarily store events in a local buffer until the connectivity is restored? (The IPS will send events to IME again when the connectivity is restored.)