
IPS Log Report - Looking for Cisco Solution??

AdnanShahid
Level 1

Dear All,

I am looking for a Cisco solution which can send me scheduled mail with an IPS log report. Below is what I am looking for:

A) Periodically mail me an IPS log report, such as daily or weekly.

B) The report should include Source Address + Destination Address + Timestamp + SignatureID + SignatureName.

C) Please see the attached file 01, which I used to get in my previous organization from Cisco VMS. It was a 1 day report for 1 of the IPS back on 11th May 2008.

Now here is what I have gone through,

1) I am looking for a Cisco solution.

2) I have checked with IME 7.x. It cannot mail reports, but it can generate reports in a specific format. These reports are either Source or Destination or Signature based. I am not able to get the report like I said above in point (B).

3) I am currently checking with Cisco CSM. The only difference from IME I found is that it can take logs from the firewall and it can mail the report periodically. But the report format is still the same for IPS.

4) The reports generated by IME and CSM are the same and not very effective in the sense that they won't have the full information. I mean when [time] "X" type [signature name/ID] attack happened from "Y" [Source IP] source to "Z" [Destination IP] destination. This is what I mean at point (B), which I used to get with VMS.

5) I am not sure whether with CSM I can customize reports and get the type of report that I am looking for. If anyone knows that it is possible through CSM, please share with me.

6) We have Syslog-NG but we want something viewable for Management's understanding.

Please, it will be very helpful for me if anyone can tell me whether Cisco currently has a solution which can effectively report like this. Please let me know.

Thanks//

Adnan

2 Replies

Farrukh Haroon
VIP Alumni

Dear Adnan

This kind of reporting is not possible to my knowledge.

You can send / export your alerts via SNMP traps or any other method and then use a third-party tool to generate such reports, e.g. ArcSight Logger, Splunk etc.

Both offer free versions (with limitations) that might fit in your scenario.

Regards

Farrukh

It seems this should be a CSM function, but it's not...or not easy to do.  Why is that?  This seems like a no-brainer...
