Exporting Event Logs for Cisco IDS

Nov 24, 2008 by admin


Exporting Event Logs

By default, the IDS sensor logs all events locally on the sensor by both severity and type. The sensor can also export its event logs to an FTP server, which lets you run detailed analysis with other tools such as Sawmill. Exported logs also give you an archive of events over time, which helps if you need to retrieve logs from several months ago for legal reasons, for example after a hacking attempt. You configure the export function with the FTP server to which the event logs are sent at regular intervals.

The following steps illustrate how to configure the export of event logs (also see Figure 5.18):

Figure 5.18: Configuring Exporting Log Files
  1. Select Configuration | Logging | Exporting Event Logs.

  2. The Exporting Event Logs panel appears. Check the box for Export Archived Event Log Files.

  3. Enter the IP address of the FTP server you want to connect to and send the logs to in the Target FTP Server IP Address field.


    Note 

    The following FTP servers support FTP log export functions:

  4. Enter the target directory on the remote FTP server in the Target FTP Directory field. This can be 1 to 128 characters.

  5. Enter the FTP server login name in the FTP Username field. This can be 1 to 16 characters.

  6. Enter the FTP server password associated with the login name in the FTP Password field. This can be from 1 to 8 characters. Click OK.

  7. View the messages.sapd file to verify the event logs are being exported by selecting Monitoring | Logs | Messages | Sapd. If there is an error, this is where you will see it.


    Note 

    Every time the event log is closed and archived, the logs are sent by FTP. This occurs once a day by default or when the logs fill up the 104,876 bytes allocated to them, whichever comes first.
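
A check to run on the FTP server side, added here as an example and not part of the original article: it reports any stretch longer than the default daily export interval during which no file arrived in the target directory. The one-hour slack and the assumption that every regular file in that directory is an exported log are choices made for this example.

```python
import os
import sys
import time

# Assumption: the sensor closes and exports the event log at least once a day
# (the default described above); one hour of slack absorbs transfer delay.
MAX_GAP_SECONDS = 24 * 3600 + 3600


def find_export_gaps(mtimes, now, max_gap=MAX_GAP_SECONDS):
    """Return (start, end) pairs where no export arrived for longer than max_gap.

    mtimes: arrival times (epoch seconds) of exported files, in any order.
    now:    current time; the stretch since the newest file is checked too,
            so a sensor that silently stopped exporting is reported.
    """
    points = sorted(mtimes)
    if not points:
        return [(None, now)]  # nothing has ever been exported
    gaps = []
    for earlier, later in zip(points, points[1:] + [now]):
        if later - earlier > max_gap:
            gaps.append((earlier, later))
    return gaps


def scan_archive(directory, now=None):
    """Apply find_export_gaps to the regular files in the FTP target directory."""
    now = time.time() if now is None else now
    mtimes = [
        entry.stat().st_mtime
        for entry in os.scandir(directory)
        if entry.is_file(follow_symlinks=False)
    ]
    return find_export_gaps(mtimes, now)


def fmt(ts):
    """Render an epoch timestamp, or 'never' when no file exists at all."""
    return "never" if ts is None else time.strftime("%Y-%m-%d %H:%M", time.localtime(ts))


if __name__ == "__main__":
    # Usage: python check_exports.py <target FTP directory on the server>
    for start, end in scan_archive(sys.argv[1]):
        print(f"no export received between {fmt(start)} and {fmt(end)}")
```

Because the sensor also exports when the log fills up, files may arrive more often than daily; only missing stretches are reported, so extra files never cause a false alarm.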

