Re: Cisco IDS and Events

From: Justin Lundy (jbl@subterrain.net)
Date: 09/21/01


Date: Fri, 21 Sep 2001 14:01:50 -0700
From: Justin Lundy <jbl@subterrain.net>
To: focus-ids@securityfocus.com
Subject: Re: Cisco IDS and Events
Message-ID: <20010921140150.A79069@subterrain.net>

Hi Chris,
First, let's make clear the distinction with Cisco products that
offer Intrusion Detection System capabilities. They have their
"Cisco Network IDS Sensor", which is NetRanger; and "Cisco Host
IDS Sensor", which is a co-branded version of Entercept. Their
network IDS sensor sends SNMP traps correctly; we had this
operating in our QA test facility at my previous employer. Try
once more to walk through the Cisco documentation and if there
is no end in sight, call Cisco tech-support. That's what they
are there for -- nice people too.
Thanks,
-jbl

On Fri, Sep 21, 2001 at 01:38:17PM -0700, Chris Calabrese wrote:
> Hi folks,
>
> Anyone out there with experience on getting events to
> work under Cisco IDS (aka Netranger)?
>
> I'm trying to get the thing to send SNMP traps, and
> followed the docs to set up eventd to handle alarms and
> then pass them to the SNMP handling script, but to no
> avail. Can't even get a simple test script to execute
> from eventd. Both on the sensors and on the manager.
>
> Anyone seen this before? Anyone gotten this working?
> This is under the Solaris version of the management
> stuff.
>
> Thanks greatly in advance!