cspm, sql, 3251

c.alejandra · ‎10-11-2002

question: under the cspm2.3.3i, how do you set up the cspm server to bring the event logs to the SQL server -or is it possible -thinking about integrating Oracle back end . Are there SQL schemas available? Where could I get more info -- been looking everywhere!

Where somebody provide more information about sig 3251 benign triggers (aside from the very non-exhaustive description in the ndbs) and the formulation of the string so that I may make a responsible decision about how to fine-tune it - this event is tiggered continuously for port 80 destined connections from a generic range of sip.

Thankx

m.singer · ‎10-17-2002

Yes you can send the log info to a SQL server from your CSPM. Here is a link that might help:

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch11.htm

zheeter · ‎11-26-2002

It does not specify how to send the log info to anything except a backup. Later in the text it says you can use an odbc db as the spillover but it doesn't say how and there are no obvious ways in the product. Can you please be more specific?

mcerha · ‎10-19-2002

Signature 3251 should not be firing for traffic to port 80. It *should* only inspect telnet, rsh, and rlogin connections. It might be possible that traffic from source ports 23, 512, 513 to port 80 are erroniously setting this signature off. If you can provide traffic samples / iplogs, we'd be happy to look at them. You can email them to me. mcerha@cisco.com