IPS Manager Express - Events

ebanzuel23 · ‎12-03-2013

Hi IPS Expert,

I am managing and monitoring IPS using IPS Manager Express installed on my workstation.

I replace my workstation a week ago and reinstall IME.

I noticed that i can no longer retrieve old events.

1. Are the old events stored on the first machine?

2. How to backup the logged events?

Regards,

Jhun

Karsten Iwen · ‎12-03-2013

1. Are the old events stored on the first machine?

yes, IME uses an internal database to store all events.

2. How to backup the logged events?

Under "File" you have the option to export on one machine and import on another.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

ebanzuel23 · ‎12-03-2013

Thanks for the reply.

1. Do we have retention period of events?

2. If yes, where can we view or set the retention period?

3. Is the retention period only applicable on the machine where the IME is installed?

-Jhun

Karsten Iwen · ‎12-04-2013

you have to configure Archiving on the IME to clean up the local Database:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/ime/ime_getting_started.html#wp1240406

Sent from Cisco Technical Support iPad App

ebanzuel23 · ‎12-08-2013

Thank you for the response karsten. This is very helpful.

I have further inquiry. Noticed that after going through the archiving event options, we can schedule the archiving at maximum 24 hours interval.

a. Where will the archived data stored and?

b. Can we still view alarms from archive?.