SIMS

antonios
Level 1

Hi,

I was wondering if anyone with some SIMS experience could assist.

I have taken a look at all of the administration and configuration guides available for SIMS on the web and I have found them a bit unclear.

Does anyone perhaps have some additional material that they could share that would assist in the install?

My second question is regarding the collection of the logging information coming off the PIX firewall IDS and network appliance IDS. Does one simply configure the SIMS server as a destination for syslog messages?

I see that there are agents; what are these agents for?

Any assistance would be greatly appreciated.

Many thanks

Tony

16 Replies

aduerr
Level 1

Hi,

I didn't come across any additional guides, but I agree - it's a little bit difficult to understand the technical view behind it with the given documentation.

Devices capable of forwarding syslogs do this directly to the SIMS, otherwise SIM software agents have to be used.

In our lab we used 4 PIXs, 2 Netranger IDS appliances, CSAMC logging and Windows hosts (event log).

All but the PIXs needed the software agents for fetching their logs. In the case of Windows hosts you need one client agent per host. For IDS appliances you need only one agent, and you configure it to fetch the logs via SSL account.

Regards,

Arne

Hi Arne,

Thanks for your reply,

Quick question: how did you get the logging information from VMS to SIMS, in particular CSAMC? If you can point me to the docs that assisted you, that would be a great help.

Many thanks

Cheers tony

Hi Tony,

1) Log in to CSAMC

2) Under Monitor create a new Alert:

- select ALL events

- select Log file and type in an absolute destination path.

(This log export of the CSAMC Event Log is called Message file in the installation process of the CSA SIM agent/client.)

4) Install CSA SIM Agent. I recommend installing it directly on the Cisco Works server. During installation point to the newly generated Message file. Done.

(You only need one CSA SIM agent, which fetches the export of the CSAMC event log and forwards it to the SIMS.)

Regards,

Arne

Hi Arne,

Thanks for your prompt reply. We have the SIMS hardware appliance; any idea where I can download the agents that need to be installed on CiscoWorks VMS?

Thanks again

Tony

Thanks

will give it a go and let you know how it goes.

Thanks

Tony

Hi Arne,

I logged onto the VMS server and created a new log alert and pointed it to a file called SIMS.log. I would expect all the events that appear on CSAMC to appear in this file, correct?

I then ran the file nf.installagent.exe and selected Cisco Security Agent from the various agents that are available. I am prompted for the SIMS IP address for engine and database. It then pops up with an error.

Am I following the correct process? It seems as if the agent is what is responsible for sending all the events that are now replicated to that log file and sent to SIMS server for processing, am I on the right track?

Thanks

Tony

Hi Tony,

Q1) Yes, this is a 1:1 export of what is displayed on the event console.

Q2) You are right. Set up the SIMS (including FQDN) and afterwards point the agent to the DNS or IP of the SIM when asked. The agent forwards events out of the SIMS.log in real time to SIMS.

Regards,

Arne

Hi Arne,

Great stuff, thanks, it is making a whole lot more sense now. One other question: do I have to add the CSAMC as a device on the SIMS server?

Tony

When the SIM agent has established a connection with the SIM it automatically registers. If this happened successfully you will notice that the reported devices will be listed in Administration Panel as unconfirmed devices. These have to be confirmed and put into self-defined logical groups. Therefore all actively reporting CSAs will be listed in Device Status on the SIM. So there's no need to add the CSAMC except the CSA protecting the Cisco Works server, which gets listed under the other CSAs.

Regards,

Arne

Hi Arne,

We reimaged the SIMS box and now the syslog agent is not running any longer, so we are not receiving event logs from devices. Any idea how you restart the syslog agent?

PS: we have the solution engine running. With the version running on Linux it was easy; the appliance is a little different, you don't have access to the Linux command line.

Thanks, Tony

Hi Tony,

On the appliance you'll have to telnet in (CLI), do a 'rootenable' and afterwards you could use the 'su' command for bash access.

Which syslog do you mean? Local syslog start: /etc/init.d/syslog start|stop

On CLI you have the chance of using 'nfadmin'.

(The problem could be that by reimaging from the image DVD you often get a very old version status. We had to install a bunch of updates up to the current version for stable service operation.)

Regards,

Arne

ebatur
Level 1

Hello. Do you still have access to a Cisco SIMS Engine?