RE: external database for Cisco IDS

From: Alex Arndt (aarndt@rogers.com)
Date: 12/20/01

• Previous message: Mike V: "Re: external database for Cisco IDS"
• In reply to: jim patterson: "RE: external database for Cisco IDS"
• Next in thread: Mike V: "Re: external database for Cisco IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Alex Arndt" <aarndt@rogers.com>
To: "jim patterson" <jimp@cityscape.net>, "'jim terry'" <jtixthus@excite.com>
Date: Wed, 19 Dec 2001 19:54:39 -0500

Seasons Greetings,

I don't want to appear too harsh here, but I must ask what context you're
basing your advice WRT the FTP copy on?

I know that you can configure Cisco IDS Sensors through CSPM (or UNIX
Director's nrConfigure utility for those of us who use it) to copy their
log files to a central logging point via FTP (using the sapd daemon), but
I don't think that it applies to the database on the machine running CSPM.

The exact method for exporting the CSPM data escapes me now, but I sure
that it's not via FTP. I think you have to use some sort of 'export' type
command from the DB interface...

I have some documentation (alas, not at my fingertips) that I can use to
confirm this, but you'll have to bear with some lag time.

Alex Arndt, GCIA
"Within all order is the potential for chaos..."

-----Original Message-----
From: jim patterson [mailto:jimp@cityscape.net]
Sent: Wednesday, December 19, 2001 5:21 PM
To: 'jim terry'
Cc: focus-ids@securityfocus.com
Subject: RE: external database for Cisco IDS

Go into the logging tab in CSPM and check the copy archived log files to
a ftp server.

-----Original Message-----
From: jim terry [mailto:jtixthus@excite.com]
Sent: Wednesday, December 19, 2001 2:04 PM
To: focus-ids@securityfocus.com
Subject: external database for Cisco IDS

Can anyone provide a URL on how to configure Cisco Secure Policy Manager
to send its past alarms to an external database?

Thanks in advance.

JT

________________________________________________________________________
______
Send a friend your Buddy Card and stay in contact always with Excite
Messenger http://messenger.excite.com

---

• Previous message: Mike V: "Re: external database for Cisco IDS"
• In reply to: jim patterson: "RE: external database for Cisco IDS"
• Next in thread: Mike V: "Re: external database for Cisco IDS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: external database for Cisco IDS ... I will try the copy archive command as ... > basing your advice WRT the FTP copy on? ... > I know that you can configure Cisco IDS Sensors through CSPM (or UNIX ... > Subject: RE: external database for Cisco IDS ... (Focus-IDS) Re: Link Tables & Ftp ... If you're trying to connect to a file on an FTP server, ... > I'm trying to link a table to an external database, ... > *.mdb too *.mdb ... > name" there are no problems logging in or finding the database as i have ... (microsoft.public.access.externaldata)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ids  > 2001-12