From the course: Cisco Network Security: Intrusion Detection and Prevention


Monitoring and analyzing

- [Instructor] The intrusion detection/intrusion prevention systems on the network are constantly gathering data. The network administrator has several tools in the arsenal to manage all the data: generating via intrusion detection/intrusion prevention systems, reporting using the Security Device Event Exchange format, gathering via syslog, and analysis via SIEM technology. When an attack signature is triggered, the intrusion detection system will generate an alarm. Alarms are stored on the sensor and can be examined locally, or through an application such as IPS Manager Express. After an attack signature fires, the device can send a syslog message using the Security Device Event Exchange format. SDEE is a protocol that outlines the format of messages sent between security devices and security monitoring systems. An SDEE system alarm message uses this format. To log events you can use syslog, which is a standard for…
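
The lecture describes the pipeline of sensor alarm, syslog transport, and SIEM analysis. The example below is added here and is not code from the course or from Cisco: it decodes the standard syslog priority field (facility and severity, RFC 3164 framing), pulls the alarm fields out of the message body, and runs a small SIEM-style correlation that flags a source address firing repeated high-risk signatures. The sample log lines, the `IPS-ALARM sigId=... src=... risk=...` message layout, the signature IDs and names, and the hostname are all constructed for illustration and do not reproduce the sensor's actual syslog or SDEE message format.

```python
"""Parse IPS alarms delivered over syslog and correlate them the way a SIEM rule would.

The alarm body layout below is an assumption for this example, not a documented
sensor format; only the <PRI> framing and facility/severity decoding are standard.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Standard syslog severity (PRI % 8) and facility (PRI // 8) names.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# RFC 3164 framing: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (day is space-padded).
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# Hypothetical alarm body (assumption): "IPS-ALARM sigId=N sigName=X src=IP dst=IP risk=N"
ALARM_RE = re.compile(
    r"IPS-ALARM sigId=(?P<sig>\d+) sigName=(?P<name>\S+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) risk=(?P<risk>\d+)")

# Constructed sample input: five alarms from one sensor, one unrelated syslog
# message, and one line that is not syslog at all. Signature IDs/names are made up.
SAMPLE_LOGS = [
    "<132>Mar  3 10:15:01 ips-sensor1 IPS-ALARM sigId=2004 sigName=ICMP-Echo-Request src=203.0.113.5 dst=192.0.2.10 risk=25",
    "<131>Mar  3 10:15:07 ips-sensor1 IPS-ALARM sigId=3041 sigName=TCP-SYN-FIN-Packet src=203.0.113.5 dst=192.0.2.10 risk=85",
    "<131>Mar  3 10:15:09 ips-sensor1 IPS-ALARM sigId=3041 sigName=TCP-SYN-FIN-Packet src=203.0.113.5 dst=192.0.2.11 risk=85",
    "<131>Mar  3 10:15:12 ips-sensor1 IPS-ALARM sigId=3050 sigName=Half-Open-SYN-Attack src=203.0.113.5 dst=192.0.2.12 risk=90",
    "<131>Mar  3 10:16:44 ips-sensor1 IPS-ALARM sigId=3041 sigName=TCP-SYN-FIN-Packet src=198.51.100.7 dst=192.0.2.10 risk=85",
    "<131>Mar  3 10:17:00 ips-sensor1 link flap on GigabitEthernet0/1",
    "this line is not syslog at all",
]


@dataclass
class Alarm:
    facility: str
    severity: str
    host: str
    sig_id: int
    sig_name: str
    src: str
    dst: str
    risk: int


def decode_pri(pri):
    """Split a syslog PRI value into (facility name, severity name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_line(line):
    """Return an Alarm for a well-formed alarm line, or None for anything else."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # not syslog framing; a real collector would count these
    facility, severity = decode_pri(int(m["pri"]))
    a = ALARM_RE.search(m["msg"])
    if not a:
        return None  # syslog, but not an IPS alarm (e.g. interface events)
    return Alarm(facility, severity, m["host"], int(a["sig"]), a["name"],
                 a["src"], a["dst"], int(a["risk"]))


def parse_all(lines):
    return [al for al in (parse_line(ln) for ln in lines) if al is not None]


def correlate(alarms, min_risk=75, threshold=3):
    """SIEM-style rule: sources with >= threshold alarms at or above min_risk,
    plus a per-signature hit count for reporting."""
    by_src = Counter(al.src for al in alarms if al.risk >= min_risk)
    by_sig = Counter((al.sig_id, al.sig_name) for al in alarms)
    noisy = sorted(src for src, n in by_src.items() if n >= threshold)
    return noisy, by_sig


if __name__ == "__main__":
    parsed = parse_all(SAMPLE_LOGS)
    noisy_sources, sig_counts = correlate(parsed)
    for sig, n in sig_counts.most_common():
        print(f"sig {sig[0]} ({sig[1]}): {n} fire(s)")
    print("sources exceeding high-risk threshold:", noisy_sources)
```

The thresholds in `correlate` are deliberately simple; the point is that the sensor only decides whether a signature fired, while deciding that three high-risk fires from one address within a short window is an incident is the SIEM's job, which is why the alarms need to leave the sensor over syslog (or SDEE) in the first place.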