New IDS version overview

robert.mcclain
Level 1

I have not upgraded my sensors yet to the new IDS 3.1(2)S(23), which, if I understand this right, is the preferred version instead of the S(22). Can someone there give me an overview of this along with the Event Viewer and how this affects the Unix Director? Can I discard the Director and just use the Event Viewer? Could I use the Event Viewer to configure and monitor my sensors from my Win 2k workstation, etc.?

Thanks

3 Replies

klwiley
Cisco Employee

There are many improvements that have been made in 3.1(2), not only from the management and alarm viewing standpoint but from sensor performance as well, so I highly recommend that you apply the service pack.

That said, you can use the event viewer and IDM as a replacement for the Unix director if your deployment is 1-3 sensors. They are meant to address these small deployment scenarios and provide an economical and efficient means of deploying our IDS solution. IDM and IEV do not scale well beyond that type of deployment. You are not required to use them, however. You can disable IDM through sysconfig sensor and never deploy IEV and continue to manage your sensors as you always have if this is your desire, while still enjoying the other enhancements and refinements to the product that are in the service pack.

Hopefully this answers your question, but if not let me know and I'll try to clarify anything that is still cloudy.

KLW

If I use CSPM 2.3.3i + 3.0(1)s4, can I drop CSPM after upgrading to 3.1(2)?

If you are managing more than 3 sensors then you should continue to use CSPM v2.3.3i.

You could use IDM or CSPM for configuration. IDM only does one sensor at a time while CSPM can do multiple and share configs between sensors. You will want to use CSPM for Event Viewing since IEV has a 3 sensor limitation.

The new IDM and IEV are not geared for replacing the current enterprise level management software. The new IDM and IEV are geared towards the small business with only 1, 2 or 3 sensors.

If you only manage 1, 2 or 3 sensors then you could switch over to IEV and IDM or stay with CSPM.

If you aren't going to use IDM then you can disable it through sysconfig-sensor.

You will still want to upgrade to 3.1(2) because of performance enhancements and bug fixes in packetd, and all new signature releases will be based off the 3.1(2) train.

Marco

As for future versions of the enterprise level management you will need to contact your Cisco Representative as product roadmaps aren't discussed on the Forum.