Configuring the Notification Type

The Cisco IOS IPS provides several notification methods:

• Cisco IOS logging: Uses a syslog format to send messages to a syslog server.

• PostOffice Protocol (POP): A proprietary protocol that gives Cisco IOS Firewall IDS routers and IDS sensors a mechanism to communicate with each other and with the management system. POP operates by pushing alarms and queuing to the management server. Cisco IOS IPS supports POP-related functionality only up to Cisco IOS Software Release 12.3(14)T.

• Security Device Event Exchange (SDEE): An ICSA-standardized IPS communications protocol and message format. It uses pull technology: the network management application initiates the request to the IPS device. SDEE, also known as Remote Data Exchange Protocol (RDEP) v2, uses XML, HTTP, and Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to provide a standard interface. Cisco IOS IPS uses this protocol to send notifications to its management server. The primary benefit of SDEE is that it is an open standard format, which allows IPS products from multiple vendors to coexist in a network environment.

Use the ip ips notify log | sdee command (in global configuration mode) to configure the Cisco IOS IPS to forward alerts to the syslog server, SDM, or VMS IDS.

Table 13-3 lists the notification commands and associated options. Example 13-1 depicts the command format.
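
The following configuration fragment is an added illustration, not the book's Example 13-1. It shows the two notification methods side by side, together with the supporting commands each one depends on. The syslog server address (192.0.2.10, a documentation address), the SDEE buffer and subscription values, and the assumption that an IPS rule is already applied to an interface are all placeholders chosen for this example.

```cisco
! Added example: addresses and sizes below are assumed values.
! Assumes an IPS rule is already defined and applied to an interface.
!
! --- Option 1: syslog notification ---
! Timestamp messages so alerts can be correlated on the syslog server
service timestamps log datetime msec
! Destination syslog server (placeholder address)
logging host 192.0.2.10
! Send IPS alerts through Cisco IOS logging
ip ips notify log
!
! --- Option 2: SDEE notification ---
! SDEE is pulled by the management application over HTTP with SSL/TLS,
! so the router's web server must be running. Disable cleartext HTTP
! and require local authentication so event pulls are encrypted and
! authenticated.
no ip http server
ip http secure-server
ip http authentication local
! Store IPS alerts in the SDEE event buffer for the manager to pull
ip ips notify sdee
! Event buffer size (assumed value; old events are overwritten when full)
ip sdee events 500
! Number of concurrent SDEE subscriptions allowed (assumed value)
ip sdee subscriptions 2
```

Because SDEE is pull-based, alerts that are not collected before the event buffer wraps are lost, so size the buffer against the management station's polling interval. The show ip ips configuration and show ip sdee configuration commands display the resulting settings.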
