When Cisco IOS IPS is configured to use SDEE for event notification, how are events managed?
A.
They are stored in the router’s event store and will allow authenticated remote systems to pull
events from the event store.
B.
All events are immediately sent to the remote SDEE server.
C.
Events are sent via syslog over a secure SSUTLS communications channel.
D.
When the event store reaches its maximum configured number of event notifications, the stored
events are sent via SDEE to a remote authenticated server and a new event store is created.
Explanation:
SDEE uses a pull communication model for event messages. This allows management consoles
to pull alerts from the Cisco IPS sensors over an HTTPS connection.
When Cisco SDEE notification is enabled, by default, 200 events can be stored in the local event
store. This number can be increased to hold a maximum of 1000. All stored events are lost if
SDEE notifications are disabled, and a new local event store is allocated when the notification
feature is enabled again.