Showing results for 
Search instead for 
Did you mean: 

Email Notifications

Is there a way to get e-mail notifications for all IPS alerts? I know i can get e-mail logs daily but I'd like to be notified immediately when an intruder tries to attack my network. I know other IPS systems have this option but I am unable to find it in CISCO SA540 IPS.

7 Replies 7


There is no way that I can think of to achieve what you are asking in the SA540.  The best you can do is have the logs emailed to you every hour and then manually scan (or set something up to do it automatically outside of the SA540) the contents for *DROP* (or something similar). 

Let me know if you figure something out.

Well here's the route I am taking. I am forwarding IPS and Firewall logs to a syslog server -- which will then INSERT them into a SQL database.

I will write queries to extract certain data from logs tables and INSERT them into Alerts table. MSSQL server will email me everytime a new entry is added to Alerts table.

What syslog server do you use?  We use the free version of Kiwi Syslog.  The free version doesn't support databases, just flat files. 

Are you going to use an Enterprise version of MSSQL server or the Lite version?

I am very interesting in your final plan/solution to this.  Most especially if you achieve it with freeware/open source programs! 

My plan is ot use no third party application except for SysLog server. I am not using Kiwi. I am using Linux/Unix syslog server (syslog-ng) and will use MSSQL Server 2008 R2 (doesn't have to be enterprise).


          I was able to utilize vb code from another post and turn it into a syslog server of my own. I can send you a copy of this code if you'd like. It works well on Windows 7/2008R2 and I have tested it fine. Takes syslog from SA540 and writes it down into different files for each logging facility. I still haven't worked on email notifications but that'll be an easy thing to do with VB.

Why write your own syslog server when there are plenty of free good alternatives?

Use google to find 3CDaemon :-)

This does it all and more :-)


You are right, there are a lot of free and open source alterntatives available. However, more outside software you put in your secure environment, less sense of security there is left. Because we are using SA540 mainly as security device here, It wouldn't be a good idea to use software built by a total stranger

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers