I was looking at the IPS integration with an open source SDEE collector for data collection into, say, a MySQL database for a data-mining-later-on kind of scenario. (Easy enough to mock up on GNS + Ubuntu for the MySQL / Perl part.)

See projects http://search.cpan.org/~jminieri/Net-SDEE-0.01/lib/Net/SDEE.pm/ http://code.google.com/p/sdee-collector/.

Since SDEE requires the use of http / https, from a lab perspective would enabling the http server / secure server come under the implicit requirements if you are required to enable the notification mechanism SDEE? Or would this be considered over-configuration? Any comments from the experts in the group?

Some GOTCHAs when practicing this feature set:

1. You can enable both log and SDEE at the same time. However, a show run | inc ips displays only SDEE and not log. Had me stumped for quite a while. However, when I did a sh ip ips configuration, both log and SDEE show up as enabled. (Is this an IOS bug, or is it that default settings are not displayed in show run and ip ips notify log is turned on by default?)

2. If you are using SDM for playing around with signatures on IOS IPS (command-line-specific signature tuning ain't for the faint-hearted!), the IPS tab on SDM comes up only if the JRE is tuned to have a -Xmx256m (config setting in the Java machine settings). Found that JRE 1.6.0_03 seems to be the optimal JRE to work with for SDM, ASDM, IPS 6.x (especially true when running the auto secure feature from SDM). Can be downloaded from Oracle's archives at http://www.oracle.com/technetwork/java/archive-139210.html

- R Shenai
