FYI, I'm not running v5.0 yet, but the official Cisco statement is "Cisco solutions include the Cisco IPS Device Manager for single device management and event monitoring, and Cisco Works VPN/Security Management Solution (VMS) for multidevice, multievent-type correlation."1
Given my experience, this is the right answer. In fact, new Cisco sensors come with VMS Basic (5 device limit version of VMS) for free. It can be used to monitor any IPS/IDS events remotely.
If you just want to quickly look at the event logs, you can remotely login to the sensor use IDM (IPS/IDS Device Management) to look at the Event Store, though this is not the best method, since you cannot export or otherwise manipulate the alarms from this particular interface.
One other option that bears mentioning is using a SIMS (Security Information Management System), such as ArcSight, NetForensics or NSM. These tools have RDEP/SDEE clients that can connect to Cisco IPS/IDS sensors and collect the alarms. This is a good option if you have a lot of sensors to monitor and want to correlate their events against other data types (such as router or firewall logs). Unfortunately, SIMS can be a very expensive undertaking, so caveat emptor.
I hope this helps,
Alex Arndt
1 - http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_data_sheet0900aecd801e6a45.html
