05-05-2015 06:21 AM - edited 03-10-2019 06:22 AM
We are using IPS Modules AIP SSM 20 in ASA 5520 and software based IPS in 5525-X.
We want to send their logs to an external syslog server. Is that possible ?
Currently IME is managing all the alerts and notifications via emails.
But our requirement is to get IPS logs in external Syslog Server.
05-06-2015 01:01 PM
Sorry but the classic Cisco IPS such as you have only support export via Cisco's proprietary SDEE transport method.
IPS intrusion events on those platforms cannot be sent out by syslog. The reason I've heard why is because UDP is deemed unreliable and insecure for security management.
05-07-2015 11:54 PM
Thanks for the clarification.
So is there anyway we can be aware of when someone tries to login to the IPS, do login logs being made for success or denied attempts ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide