Hello, we have Cisco IDS devices that we would like to have collected by Sumo Logic. The collector server is already up and operational. The issue we face is that the IDS devices are not capable of pushing these events to the collector, but we have another third-party appliance that was able to figure out a way, via a script, to pull events via the Cisco SDEE protocol to show in their monitor.
I did contact Sumo Logic support about this and was told they currently do not support it. Support suggested posting this question here to see if anyone else may have found a solution.
Info from support:
"In order to collect this data what you would need to do is create a script that reads the data from the IPS HTTPS URL and then posts that data back to a Sumo Logic HTTP source endpoint. At the most basic this would be two cURL requests, one to perform a GET from the IPS and the second to POST the response back to the Sumo Logic HTTP source. More information on creating HTTP sources can be found within the following help documentation."
Has anyone come across this issue before and has a custom script that is working? Please reply.
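The two requests support describes, sketched as an added example that is not part of the original post and does not come from Sumo Logic or Cisco. The file paths, the curl config file layout, and the choice to skip empty or unchanged responses are assumptions; the IPS event URL and the HTTP source URL are placeholders you supply in the config files.

```shell
#!/bin/sh
# Added example, not from the original post. Every path and file name is an assumption.
# Both curl config files should be mode 600: they hold the sensor password and the
# HTTP source URL, which keeps both out of the process list.
#   ips.conf : url = "https://<sensor>/<event URL>"
#              user = "<account>:<password>"
#              cacert = "/etc/ips-relay/sensor-ca.pem"   (verify the sensor, no --insecure)
#   sumo.conf: url = "<HTTP source URL from the Sumo Logic UI>"
IPS_CONF="${IPS_CONF:-/etc/ips-relay/ips.conf}"
SUMO_CONF="${SUMO_CONF:-/etc/ips-relay/sumo.conf}"
STATE_DIR="${STATE_DIR:-/var/lib/ips-relay}"

# First request: GET the event document from the IPS into file $1.
pull_events() {
  curl --fail --silent --show-error --max-time 30 \
       --config "$IPS_CONF" --output "$1"
}

# Second request: POST file $1 unchanged to the HTTP source.
push_events() {
  curl --fail --silent --show-error --max-time 30 \
       --config "$SUMO_CONF" --data-binary "@$1" --output /dev/null
}

# One cycle. 0 = forwarded, 1 = pull failed, 2 = empty or unchanged, 3 = push failed.
relay_once() {
  relay_tmp="$(mktemp)" || return 1
  relay_rc=0
  if ! pull_events "$relay_tmp"; then
    relay_rc=1
  elif [ ! -s "$relay_tmp" ] || cmp -s "$relay_tmp" "$STATE_DIR/last" 2>/dev/null; then
    relay_rc=2
  elif ! push_events "$relay_tmp"; then
    relay_rc=3   # state is left untouched so the next run retries this payload
  else
    cp "$relay_tmp" "$STATE_DIR/last"
  fi
  rm -f "$relay_tmp"
  return "$relay_rc"
}

# Cron entry point: ips-relay.sh run
if [ "${1:-}" = "run" ]; then
  relay_once
  exit $?
fi
```

Alerting on exit codes 1 and 3 from the scheduler shows when the relay stops pulling or forwarding, which would otherwise look like a quiet sensor.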