
Archiving Event Logs in IDS v4.0?

tscislaw_2
Level 1

I can't seem to find how to archive the event logs in v4.0.

In v3.1, we were able to set up the logs to be FTPed automatically to an FTP server.

Suggestions?

Tony

2 Replies

shalondon
Level 1

Hi Tony,

Here is a quick perl script I threw together. It of course requires perl, the XML::XPath perl module and libcurl to be installed on your archival system. Again, it is a simple script and could stand some improvement. There are 3 user-defined variables at the start of the script you will need to change for your system. You just need to add a cron job to run the script every so often to pull the new events over and store them.

Thanks,

Shane

---------------------------------------------start-----------------------------------------------------

#!/usr/bin/perl -W
use strict;
use XML::XPath;

my $xpath;
my $startstamp;

# Resume from the timestamp saved by the previous run, or from 0 on the first run
if (-e ".startstamp") {
    open(FD, "< .startstamp") or die "cannot read .startstamp: $!";
    $startstamp = <FD>;
    chomp( $startstamp );
    close(FD);
} else {
    $startstamp = "0";
}

#user defined variables
my $username = "cisco";
my $password = "cisco";
my $server = "https://10.1.1.1";
#end user defined variables

# Ask the sensor's event server for every event newer than the saved timestamp
$server .= "/cgi-bin/event-server?startTime=$startstamp";
# The fetched XML is stored in a file named log<startTime>
$startstamp = "log" . $startstamp;

# Note: -u on the command line makes the password visible in the process list;
# a curl config file or ~/.netrc keeps it out of `ps` output
`curl -u $username:$password $server > $startstamp`;

# Parse the archived file and remember the timestamp of the newest event
$xpath = XML::XPath->new($startstamp);
my $values = $xpath->find('//time/text()');
if ($values->size) {
    my @nodes = $values->get_nodelist;
    my $value = $nodes[ $values->size - 1 ]->toString;
    open(FD, "> .startstamp") or die "cannot write .startstamp: $!";
    print FD $value;
    close(FD);
}

exit;

----------------------------------------------end------------------------------------------------------
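The same poll-and-checkpoint loop in Python, as an added example that is neither Shane's script nor anything shipped with the Cisco IDS. It assumes only what the thread shows (the `/cgi-bin/event-server?startTime=` URL, the `<time>` elements, a `.startstamp` checkpoint file) and constructs a sample event response inline, since the real event XML is not on the page. It goes beyond the Perl version in four ways a practitioner would want: the response is validated by a real XML parser before the checkpoint moves, a poll that returns no events leaves the checkpoint untouched instead of resetting it, the checkpoint is replaced atomically so a crash mid-write cannot truncate it, and the credentials travel in an Authorization header rather than on a `curl` command line where `ps` can read them.

```python
import base64
import os
import tempfile
import urllib.request
import xml.etree.ElementTree as ET

STAMP_FILE = ".startstamp"   # same checkpoint file name the Perl script uses

# Constructed sample of an event-server response.  The real sensor format is
# not shown in the thread, so only the <time> elements the script queries are
# assumed here; everything else is illustrative.
SAMPLE_EVENTS = b"""<?xml version="1.0"?>
<events>
  <event><time>1000</time><type>alert</type></event>
  <event><time>1005</time><type>alert</type></event>
  <event><time>1042</time><type>alert</type></event>
</events>"""

# A poll that returned nothing new (constructed).
EMPTY_EVENTS = b"""<?xml version="1.0"?><events></events>"""


def fetch_events(server, start, username, password, timeout=60):
    """Fetch events newer than `start` from the sensor's event-server CGI.

    Credentials go in the Authorization header, not on a command line, so
    they never show up in the process list.  TLS verification is left on:
    the sensor's certificate must be trusted by the system store.
    """
    url = f"{server}/cgi-bin/event-server?startTime={start}"
    req = urllib.request.Request(url)
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()


def read_checkpoint(path=STAMP_FILE):
    """Return the last archived timestamp, or "0" on the first run."""
    try:
        with open(path) as fh:
            return fh.read().strip() or "0"
    except FileNotFoundError:
        return "0"


def newest_time(xml_bytes):
    """Return the text of the last <time> element, or None if there are none.

    ET.fromstring is a real parser, so a truncated or malformed response
    raises instead of silently producing a bogus checkpoint.
    """
    root = ET.fromstring(xml_bytes)
    times = [t.text.strip() for t in root.iter("time") if t.text]
    return times[-1] if times else None


def write_checkpoint(value, path=STAMP_FILE):
    """Replace the checkpoint atomically via a temp file and rename."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".startstamp.")
    with os.fdopen(fd, "w") as fh:
        fh.write(value)
    os.replace(tmp, path)


def archive_cycle(xml_bytes, archive_dir, checkpoint=STAMP_FILE):
    """Store one fetched batch as log<start> and advance the checkpoint.

    Returns (archive_path, checkpoint_after).  When the batch holds no
    events the checkpoint is left as it was, so the next poll asks from the
    same start time rather than restarting at 0.
    """
    start = read_checkpoint(checkpoint)
    out = os.path.join(archive_dir, "log" + start)
    with open(out, "wb") as fh:
        fh.write(xml_bytes)
    latest = newest_time(xml_bytes)
    if latest is not None:
        write_checkpoint(latest, checkpoint)
        return out, latest
    return out, start


def demo():
    """Run two cycles in a scratch directory; returns the archive file names
    and the checkpoint after each cycle, using the constructed samples."""
    scratch = tempfile.mkdtemp()
    cp = os.path.join(scratch, STAMP_FILE)
    first, after_first = archive_cycle(SAMPLE_EVENTS, scratch, cp)
    second, after_second = archive_cycle(EMPTY_EVENTS, scratch, cp)
    return (os.path.basename(first), after_first,
            os.path.basename(second), after_second)


if __name__ == "__main__":
    # A cron entry would call fetch_events() and feed the bytes to
    # archive_cycle(); here the constructed samples stand in for the sensor.
    print(demo())
```

In a cron job the script would replace the constructed samples with `fetch_events(server, read_checkpoint(), username, password)` and pass the result to `archive_cycle()`; the username and password are best read from a file with restrictive permissions rather than hard-coded as in the Perl version.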

That's a "quick" script??? :-)

Thanks.

The functionality to do this was built-in in IDM3.1. Too bad it's gone.