I was mentioning 514 for "notify log" option only. SDEE can be pulled in two ways - live feed and query. SDM, CCP, Event viewer are some clients that can pull SDEE from IOS IPS.

With regards
Kings

On Mon, Apr 19, 2010 at 10:07 PM, Brandon Carroll <[email protected]> wrote:

> SDEE is inside of tcp/443. You can't send SDEE directly to a syslog server, that's why you have the log option instead of SDEE. If you really want to go back before SDEE we had RDEP. :) At any rate SDEE is inside of an HTTPS/TLS connection.
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: [email protected]
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> On Apr 19, 2010, at 4:29 AM, Kingsley Charles wrote:
>
> > Hi
> >
> > IPS uses SDEE (Cisco Security Device Event Exchange) to send IPS messages to clients. My understanding is that SDEE is wrapped in HTTP. Hence across firewalls, port 80/443 alone should be opened for SDEE. For log, port 514 should be open.
> >
> > router2(config)#ip ips notify ?
> >   SDEE  Send events to SDEE
> >   log   Send events as syslog messages
> >
> > Please share your thoughts, if you differ.
> >
> > With regards
> > Kings
> >
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
