
Cisco IPS events collecting SDEE

Question asked by David Bursik on Jul 4, 2014
Latest reply on Jul 7, 2014 by David Bursik

Hi,

Is anybody using SDEE for collecting logs from Cisco IPS on SA?

I tried to set it up, but it's not collecting any events.

From the logs it seems that communication is OK.

On enVision it works fine.

I found a difference in requests between enVi & SA, and it's probably caused by a different "subscriptionId".

SA

https://cisco_idp/cgi-bin/sdee-server/cgi-bin/sdee-server?action=get&subscriptionId=sub-2-c3a5ae56&timeout=0&maxNbrOfEvents=5000&confirm=yes

enVi

https://cisco_idp:443/cgi-bin/sdee-server?action=get&timeout=0&subscriptionId=sub-1-cce80f2b

Does anybody have any idea?

Thanks a lot.
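The by-eye comparison in the question can be done mechanically. The following is an added example, not part of the original post or of either product: it parses the two request URLs quoted above and reports every difference in port, path and query parameters. The function names `normalize`, `path_repeats` and `diff_requests` are this example's own.

```python
from urllib.parse import urlsplit, parse_qs

# The two request URLs exactly as quoted in the post.
SA_URL = ("https://cisco_idp/cgi-bin/sdee-server/cgi-bin/sdee-server"
          "?action=get&subscriptionId=sub-2-c3a5ae56&timeout=0"
          "&maxNbrOfEvents=5000&confirm=yes")
ENVI_URL = ("https://cisco_idp:443/cgi-bin/sdee-server"
            "?action=get&timeout=0&subscriptionId=sub-1-cce80f2b")

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize(url):
    """Split a URL into comparable parts, making the default port explicit."""
    p = urlsplit(url)
    # keep_blank_values so an empty parameter still shows up in the diff
    query = {k: v[0] if len(v) == 1 else v
             for k, v in parse_qs(p.query, keep_blank_values=True).items()}
    return {"scheme": p.scheme, "host": p.hostname,
            "port": p.port or DEFAULT_PORTS.get(p.scheme),
            "path": p.path, "query": query}


def path_repeats(path):
    """True when the path is the same run of segments written twice."""
    segs = [s for s in path.split("/") if s]
    half = len(segs) // 2
    return len(segs) >= 2 and len(segs) % 2 == 0 and segs[:half] == segs[half:]


def diff_requests(first, second):
    """Report differences between two collector requests, ignoring parameter order."""
    a, b = normalize(first), normalize(second)
    report = {f: (a[f], b[f])
              for f in ("scheme", "host", "port", "path") if a[f] != b[f]}
    qa, qb = a["query"], b["query"]
    report["only_in_first"] = sorted(set(qa) - set(qb))
    report["only_in_second"] = sorted(set(qb) - set(qa))
    report["changed_params"] = {k: (qa[k], qb[k])
                                for k in sorted(set(qa) & set(qb)) if qa[k] != qb[k]}
    return report


if __name__ == "__main__":
    for key, value in diff_requests(SA_URL, ENVI_URL).items():
        print(f"{key}: {value}")
    print("SA path repeats itself:", path_repeats(normalize(SA_URL)["path"]))
```

Run against the quoted URLs, this shows that the explicit `:443` is not a real difference, while the request path and two extra query parameters differ in addition to `subscriptionId`.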
