Bill,

Cisco IDS v4.x uses an XML-based protocol to transmit its events. One challenge you will face is how to combine UDP 514 syslog and Cisco XML IDS events in one machine (tool). For that, you might want to look at SEM (Security Event Management) products. These types of products can collect on multiple protocols, including the ones you mentioned, and from other products of interest, including Windows event logs, VPNs, VA products, etc. Once the information is centralized, these products can correlate the data to help identify viruses/threats, enforce policy, and help with compliance (SOX, GLBA, HIPAA, etc.). Some SEM products are appliance based while others are software based. There are lots of vendors doing SEM, including the company I work for, Network Intelligence Corp. I would suggest doing a Google search and doing some research on your own. These SEM products can get expensive, so look around for the one that fits you (and your budget) the best.

Hope this helped,
Brian

-----Original Message-----
From: loganalysis-bounces+bizzy=network-intelligence.com@private <loganalysis-bounces+bizzy=network-intelligence.com@private>
To: loganalysis@private <loganalysis@private>
Sent: Wed Jun 30 15:32:00 2004
Subject: [logs] Cisco IDS 4235 and Syslog.

All,

We are in the process of rebuilding our logging infrastructure. I was wondering whether anyone had any experience with Cisco IDS (ver. 4.1) and syslog. Cisco's documentation is a little vague regarding 3rd party solutions (i.e. other than CiscoWorks VPN Security Manager and Cisco Threat Response). Is it possible to log IDS events to a centralized syslog server? If so, how is this accomplished?

Many thanks in advance.

Bill
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
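Editor's note: Brian's reply above points at the core problem, getting UDP 514 syslog lines and XML IDS events into one place in a common record format so they can be correlated. The example below is an added illustration of that step and is not code from the original thread, from Cisco, or from Network Intelligence Corp. It assumes a small hypothetical XML schema for the IDS feed (not the Cisco IDS 4.x event format), constructed sample syslog lines and alerts, a fixed year of 2004 for the year-less RFC 3164 timestamps, and a chosen mapping of IDS severity words onto the syslog 0-7 scale. It then pairs each IDS alert with syslog records from the same source IP within a time window, the kind of correlation a SEM product performs once the data is centralized.

```python
"""Normalize RFC 3164 syslog lines and a hypothetical XML IDS feed into one
record format, then correlate them by source IP and time.
Added example for the thread above; not code from the original post."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample input: two RFC 3164 lines as a collector reads them from
# UDP/514 ("<PRI>" encodes facility*8 + severity, then timestamp, host, msg).
SYSLOG_LINES = [
    "<134>Jun 30 15:31:58 fw1 firewall: Deny tcp src 10.1.2.3:4431 dst 192.0.2.10:80",
    "<13>Jun 30 15:40:02 web1 sshd: Accepted password for admin from 10.9.8.7",
]

# Constructed sample input in a HYPOTHETICAL schema (assumption: this is not
# the Cisco IDS 4.x event format, only a stand-in for "XML IDS events").
IDS_XML = """<events>
  <event sensor="ids1" time="2004-06-30T15:32:10" severity="high">
    <signature>WWW directory traversal attempt</signature>
    <src addr="10.1.2.3" port="4431"/>
    <dst addr="192.0.2.10" port="80"/>
  </event>
  <event sensor="ids1" time="2004-06-30T15:45:00" severity="low">
    <signature>ICMP echo sweep</signature>
    <src addr="172.16.5.5" port="0"/>
    <dst addr="192.0.2.20" port="0"/>
  </event>
</events>"""

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
# First IPv4 address following "src " or "from " in the free-text message.
IPV4_RE = re.compile(r"\b(?:src|from) (\d{1,3}(?:\.\d{1,3}){3})")

# Chosen mapping of IDS severity words onto the syslog 0-7 severity scale.
IDS_SEVERITY = {"high": 2, "medium": 4, "low": 6}


def parse_syslog(line, year=2004):
    """Parse one RFC 3164 line into the common record; None if it does not match.
    RFC 3164 timestamps carry no year, so the caller supplies one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    ip = IPV4_RE.search(m.group("msg"))
    return {
        "source": "syslog",
        "ts": ts,
        "host": m.group("host"),
        "facility": pri // 8,
        "severity": pri % 8,
        "src_ip": ip.group(1) if ip else None,
        "message": m.group("msg"),
    }


def parse_ids_xml(text):
    """Parse the hypothetical XML feed into a list of common records."""
    records = []
    for ev in ET.fromstring(text).findall("event"):
        records.append({
            "source": "ids",
            "ts": datetime.fromisoformat(ev.get("time")),
            "host": ev.get("sensor"),
            "facility": None,
            "severity": IDS_SEVERITY.get(ev.get("severity"), 4),
            "src_ip": ev.find("src").get("addr"),
            "dst_ip": ev.find("dst").get("addr"),
            "message": ev.findtext("signature"),
        })
    return records


def correlate(events, window=timedelta(minutes=5)):
    """Pair each IDS alert with syslog records from the same source IP seen
    within +/- window of the alert.  Returns (ids_record, syslog_record) tuples."""
    syslog = [e for e in events if e["source"] == "syslog" and e["src_ip"]]
    pairs = []
    for alert in (e for e in events if e["source"] == "ids"):
        for s in syslog:
            if s["src_ip"] == alert["src_ip"] and abs(s["ts"] - alert["ts"]) <= window:
                pairs.append((alert, s))
    return pairs


def load_all():
    """Merge both feeds into one time-ordered list of common records."""
    events = [r for r in (parse_syslog(line) for line in SYSLOG_LINES) if r]
    events.extend(parse_ids_xml(IDS_XML))
    return sorted(events, key=lambda e: e["ts"])


if __name__ == "__main__":
    for alert, s in correlate(load_all()):
        print(f"{alert['ts']} {alert['host']} {alert['message']!r} "
              f"<-> {s['ts']} {s['host']} {s['message']!r}")
```

With the constructed input, the directory-traversal alert from 10.1.2.3 is paired with the firewall deny for the same source 12 seconds earlier, while the SSH login and the echo sweep stay unpaired. In a real collector the syslog lines would arrive over a UDP/514 socket and the XML would be fetched from the sensor; the normalization and correlation steps are the same.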
This archive was generated by hypermail 2b30 : Wed Jun 30 2004 - 20:40:31 PDT