cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1105
Views
4
Helpful
11
Replies

Viewing IPS Real Time Events From Multiple IPS Devices

pmccubbin
Level 5
Level 5

What's the best strategy for viewing IPS real time events from multiple IPS devices now that VMS has been made EOL?

There was a nice single view of all IPS events from all IPS devices being managed in VMS and I was wondering where I can tell people to go to receive the same information about their networks. I don't see it in CSM and I don't think they'll find it in MARS. Please advise and correct me if I am wrong. Thanks!

1 Accepted Solution

Accepted Solutions

vitripat
Level 7
Level 7

You can use IEV. This is a event viewer which has a real-time dashboard also. You can import multiple sensors into it and view the events real-time.

Link for IEV for 5.x versions:

http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev

Link for IEV for 4.x versions:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-ev

Regards,

Vibhor.

View solution in original post

11 Replies 11

vitripat
Level 7
Level 7

You can use IEV. This is a event viewer which has a real-time dashboard also. You can import multiple sensors into it and view the events real-time.

Link for IEV for 5.x versions:

http://www.cisco.com/cgi-bin/tablebuild.pl/ips-ev

Link for IEV for 4.x versions:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids-ev

Regards,

Vibhor.

There is nothing in the Readme file about whether this product is limited to a maximum of 5 IPS devices.

If so, what do we do for larger deployments?

IEV is limited. For large enterprises the best option would be to use CiscoWorks VMS. If you are worried about VMS being EOL, probably, you have a old version running. Please upgrade to latest version 2.3 which is current:

http://www.cisco.com/en/US/products/sw/cscowork/ps2330/prod_software_versions_comparison.html

Regards,

Vibhor.

Vibhor,

Thank you for responses.

Though what you suggest is a short term option because CiscoWorks VPN/Security Management Solution (VMS) is in maintenance mode with no further releases planned.

My customer liked the functionality of the IPS Manager in VMS for viewing Real Time Events. He now complains of the loss of data integrity by having to use MARS and having to trust its ability to correlate events. It's like being accustomed to working on routers via the CLI and being told henceforth you can only use the GUI.

Thanks again.

VMS SecMon will continue to accept events from 5.x and current 6.0 sensors, but Cisco has not made any promises that it will continue to do so for the life of 6.x

Cisco has a history of bumping us off the management platform of choice to the next thing they wish us to use. cough..director..VMS-MC..cough

Greetings, Vibhor. Just to clarify,

Cisco Security Monitor (CSM) alone DOES NOT provide the ability to see real-time IPS events from multiple sources......but the MARS add-on DOES provide this capability?

Thank you.

Hi,

Is it popssible to use the IDS Event Viewer for 6.x sensors? I only see ver 5.x download of the event viewer.

Thanks

Scott

I tested v6 and the IEV a little bit and it appears to work fine.

Yes, IPS Event Viewer (IEV) can be used with 6.x as well as 5.x sensors. Keep in mind that if you have upgraded to the new Cisco Security Manager (CSM) vers. 3.1, IEV is now integrated with that software. As a matter of fact, before you can install CSM 3.1, it will prompt you to un-install any previous versions of IEV before you can proceed.

If you are not using CSM 3.1, you should download/install IEV 5.2-1 for your 6.x sensor. Make sure you take a quick look at the read-me before you install.

So the 3.1 CSM has the event viewer built in? That is good news for those who were using VMS before and don't want to purchase CSMARS.

MARS as well as a few other 3rd party products can correlate multiple IDS sensor information.

In order for the 3rd party products to be compatible, they have to be able to access the Cisco IDS via RDEP or SDEE; if you search, you should be able to find some of them that are out there fairly easily with Google or another search engine.

Review Cisco Networking for a $25 gift card