+ Reply to Thread
Results 1 to 6 of 6
  1. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #1

    Default Repost from OffTopic: 3rd Party Cisco IPS Monitoring

    Non exam stuff is meant to go in OT I know, and that's where this was originally posted, not a peep though so I'm hoping someone here might have an idea.

    I know you can use the CLI monitor and ASDM to monitor IPS events but neither is that great imho. Are there any good 3rd party monitor/viewers you guys use and can recommend?
    Reply With Quote Quote  

  2. SS -->
  3. Village Idiot dtlokee's Avatar
    Join Date
    Mar 2007
    Location
    NJ
    Posts
    2,389

    Certifications
    CCIE #19991 R+S, CCNA, CCNP, CCIP, CCVP, CCSP, CCSI, MCSE NT4.0, 2000, 2003, + Messaging and Security, MCDBA, MCSD, MCAD
    #2
    I just did an install on a MARS appliance, it works very well, but with a price tag of 15k it should. Not sure about any 3rd party ones, I bleed green.
    Reply With Quote Quote  

  4. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #3
    Thanks DT, yup a MARS or TRIGEO was on my wish list last year with the IPS' (ASA AIP-SSMs) but it didn't make it to the shopping list. I'm beginning to think Syslog and the Event Viewer it will be..... Are you using the MARS in production for for your classes?
    Reply With Quote Quote  

  5. Village Idiot dtlokee's Avatar
    Join Date
    Mar 2007
    Location
    NJ
    Posts
    2,389

    Certifications
    CCIE #19991 R+S, CCNA, CCNP, CCIP, CCVP, CCSP, CCSI, MCSE NT4.0, 2000, 2003, + Messaging and Security, MCDBA, MCSD, MCAD
    #4
    The setup was 2 mars 110R appliances for a customer, but I am currently evaluating MARS for classes. I don't know if there's enough money in it to justify the equipment expenses. I am waiting to see which of the three (MARS, HIPS, or CNAC) will become the dominate one. Most likely it will be HIPS as I think that is still the easiest and more widely used product.
    Reply With Quote Quote  

  6. Cisco Addict ITdude's Avatar
    Join Date
    Dec 2005
    Location
    Cyberspace (Near the Core)
    Posts
    1,191

    Certifications
    Got Some...Getting More.
    #5
    Hey dt, sounds like you need a big bandaid for that green bleed!
    Reply With Quote Quote  

  7. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #6
    Just figured I'd update this in case anyone ends up searching for a similar solution. I'm trying out the Eval of Cisco Security Manager right now and it includes the Cisco IPS Event Viewer, which it turns out is also a standalone free downloadable from Cisco.com . It's MUCH better than the IDM event viewer as you can sort your views into single line/multi column data, set email alerts etc. Definitely worth getting if you don't have access to any other monitoring software or devices.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks