Re: [fw-wiz] Syslog set up

From: Brian A Kee (bkee_at_lurhq.com)
Date: 07/24/03

  • Next message: Mark Tinberg: "RE: [fw-wiz] Syslog set up"
    To: "Doug Garrison" <doug.garrison@tagtmi.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Thu, 24 Jul 2003 13:40:28 -0500
    
    

    Something to look at:

    In PIX v6.3, Cisco added the ability to filter out specific log messages
    from the syslog output. I have not yet had the time to work with it, but it
    seems to be promising.

    http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_data_sheet09186a0080148714.html

    ...
    Syslog by access control list (ACL) entry

      - Introduces powerful new reporting and troubleshooting capabilities that
        enable detailed statistics to be gathered on which ACL entries are
        triggered by network traffic attempting to traverse a Cisco PIX
        Security Appliance
      - Gives precise control over which ACL entry-related syslog events are
        generated

    Assignable syslog levels by message

      - Provides administrators tremendous flexibility and control over which
        syslog messages Cisco PIX Security Appliances generate

    BAK

    ----- Original Message -----
    From: "Doug Garrison" <doug.garrison@tagtmi.com>
    To: <firewall-wizards@honor.icsalabs.com>
    Sent: Thursday, July 17, 2003 4:32 PM
    Subject: [fw-wiz] Syslog set up

    > I am looking for a document or suggestions on setting up what events to log
    > on a Cisco PIX. I am not concerned about following our security policy yet
    > I just need a "Best Practice" type of document to get started from.
    >
    > Thanks for your input.
    >
    > Doug Garrison

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

