Options

Repost from OffTopic: 3rd Party Cisco IPS Monitoring

AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
in CCNP Security
Non exam stuff is meant to go in OT I know, and that's where this was originally posted, not a peep though so I'm hoping someone here might have an idea.

I know you can use the CLI monitor and ASDM to monitor IPS events but neither is that great imho. Are there any good 3rd party monitor/viewers you guys use and can recommend?
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
· Share on FacebookShare on Twitter

Comments

  • Options
    dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    I just did an install on a MARS appliance, it works very well, but with a price tag of 15k it should. Not sure about any 3rd party ones, I bleed green.
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • Options
    AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Thanks DT, yup a MARS or TRIGEO was on my wish list last year with the IPS' (ASA AIP-SSMs) but it didn't make it to the shopping list. I'm beginning to think Syslog and the Event Viewer it will be..... Are you using the MARS in production for for your classes?
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
  • Options
    dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    The setup was 2 mars 110R appliances for a customer, but I am currently evaluating MARS for classes. I don't know if there's enough money in it to justify the equipment expenses. I am waiting to see which of the three (MARS, HIPS, or CNAC) will become the dominate one. Most likely it will be HIPS as I think that is still the easiest and more widely used product.
    The only easy day was yesterday!
    · Share on FacebookShare on Twitter
  • Options
    ITdudeITdude Member Posts: 1,181 ■■■□□□□□□□
    Hey dt, sounds like you need a big bandaid for that green bleed! :)icon_wink.gif
    I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.

    __________________________________________
    Simplicity is the ultimate sophistication.
    (Leonardo da Vinci)
    · Share on FacebookShare on Twitter
  • Options
    AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Just figured I'd update this in case anyone ends up searching for a similar solution. I'm trying out the Eval of Cisco Security Manager right now and it includes the Cisco IPS Event Viewer, which it turns out is also a standalone free downloadable from Cisco.com . It's MUCH better than the IDM event viewer as you can sort your views into single line/multi column data, set email alerts etc. Definitely worth getting if you don't have access to any other monitoring software or devices.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
    · Share on FacebookShare on Twitter
Sign In or Register to comment.