Monitoring Cisco IDS/IPS SSM Modules
RichTea
mail at catsnest.co.uk
Fri Jun 8 15:26:32 CEST 2012
On Wed, Jun 6, 2012 at 2:16 AM, Joseph Hardeman <jwhardeman at gmail.com>wrote:
> Hi Eero,
>
> I had to go to the archives on SourceForge to see your reply. I am not
> getting emails from the list.
>
> No, unfortunitely that won't work. I am looking for a plugin that will
> query the SSM IPS module for any security breach attempts or that will
> monitor a log file from syslog-ng capturing the SSM syslog data and will
> then send either an SNMP trap or trigger a passive alert.
>
>
If you are happy to "tail" the syslog you can just use the Nagios check_log
plugin.
With a custom service. i see from the above the syslog file in on the
Nagios server.
some sort of service like this applied to the device.
define service {
name check_local_syslog
command $USER1$/check_log --filename=/path/to/syslog/$HOSTNAME$ -some
other option (sorry i dont have access to man at the moment)
}
--
<-- http://23.me.uk/2 -->
<--Time flies like an arrow; fruit flies like a banana. -->
> I found where people talk about monitoring their Cisco devices that have
> SSM IPS modules, but no examples so far.
>
> Thanks for thinking of that app. :-)
>
> Joe
>
>
> On Tue, Jun 5, 2012 at 12:51 AM, Joseph Hardeman <jwhardeman at gmail.com>wrote:
>
>> Hi Everyone,
>>
>> I have been looking around and am hoping that someone can help me out. I
>> recently got a Cisco 5520 with a SSM-20 module (latest code and Signatures)
>> that I need to start monitoring. I have been looking but I have not found
>> a script that will help me monitor this via SNMP.
>>
>> We are looking to use Nagios to capture any security breachs or attempts
>> that are captured by the SSM module and its analysis engine.
>>
>> We do have this device sending Syslog data to the Nagios system, so if
>> there is a way to parse or tail this log to watch for the events that would
>> be helpful too.
>>
>> Thanks in advance.
>>
>> Joe
>>
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20120608/b44c7a9a/attachment.html>
-------------- next part --------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list