[fw-wiz] RE: Router Internet Monitoring

From: George Peek (GKPeek_at_AllstateTicketing.com)
Date: 09/04/03

    To: 'rogue' <rogue@nocdemon.net>, George Peek <GKPeek@AllstateTicketing.com>
    Date: Thu, 4 Sep 2003 12:21:53 -0700
    
    

    Problem with Pix is it is logging literally everything, hence we have
    multiple DMZs.. for frame, dial-up, internet, internal, etc. I have not
    fully explored filtering, we use Kiwi Syslog Daemon for logging but the file
    grows extremely huge. In the future, SQL solution (which it supports) will
    be implemented but for now I need something live to monitor.

    Can you use the Cisco Pix Device Manager to filter the log?

    -----Original Message-----
    From: rogue [mailto:rogue@nocdemon.net]
    Sent: Thursday, September 04, 2003 9:29 AM
    To: George Peek
    Cc: 'security-basics@securityfocus.com'; 'owen@delong.com';
    'firewall-wizards@honor.icsalabs.com'
    Subject: Re: Router Internet Monitoring

    if you tell your PIX to log to a syslog server and ramp up the PIX logging
    to informational you'll see every URL connection made from within your
    network.

    -rogue

    On Wed, 3 Sep 2003, George Peek wrote:

    > This may be a bit offtopic, if so please excuse me. I am looking for a
    > solution to monitor the live traffic (i.e. incoming/outgoing traffic, incl.
    > able to determine what url the user is going to) on our Cisco 2620. Freeware
    > would be great, linux solution is ok. I don't want to use a network capture
    > utility such as sniffer, fluke or iris. Pix has the device manager which
    > comes in handy. I can enable logging via SNMP, but it is text based, a GUI
    > utility that will sort that information would be very cool.
    >
    > Thank You,
    > George Peek

    -- 
    ==================
    rogue@nocdemon.net
           	     {\o0|
    ==================
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
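
Added example, not part of the original messages: one way to cut a large PIX syslog file down to the URL requests discussed in this thread and count them per client. It assumes the PIX URL-access message (ID 304001) has the form `<client> Accessed URL <server>:<path>`; the function names are hypothetical and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed shape of the PIX URL-access message (ID 304001):
#   %PIX-5-304001: <client> Accessed URL <server_ip>:<path>
# Whatever the syslog daemon writes before "%PIX-" (timestamp, facility) is ignored.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
URL_MSG = re.compile(
    rf"%PIX-\d-304001:\s+(?:\S+@)?(?P<client>{IP})\s+"
    rf"Accessed (?:JAVA )?URL\s+(?P<server>{IP}):(?P<path>\S*)"
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
2003-09-04 12:01:10 Local4.Info 192.0.2.1 %PIX-6-302013: Built outbound TCP connection 4101 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.23/3312 (192.0.2.10/3312)
2003-09-04 12:01:10 Local4.Notice 192.0.2.1 %PIX-5-304001: 10.1.1.23 Accessed URL 198.51.100.7:/index.html
2003-09-04 12:01:11 Local4.Warning 192.0.2.1 %PIX-4-106023: Deny tcp src outside:203.0.113.50/4021 dst inside:192.0.2.10/135 by access-group "outside_in"
2003-09-04 12:01:12 Local4.Notice 192.0.2.1 %PIX-5-304001: 10.1.1.23 Accessed URL 198.51.100.7:/images/logo.gif
2003-09-04 12:01:15 Local4.Notice 192.0.2.1 %PIX-5-304001: 10.1.1.40 Accessed URL 203.0.113.9:/search?q=tickets
2003-09-04 12:01:16 Local4.Info 192.0.2.1 %PIX-6-302014: Teardown TCP connection 4101 duration 0:00:06 bytes 5120 TCP FINs
"""


def url_events(lines):
    """Yield (client, server, path) for URL-access lines; drop all other messages."""
    for line in lines:
        m = URL_MSG.search(line)
        if m:
            yield m.group("client"), m.group("server"), m.group("path")


def summarize(lines):
    """Count URL requests per client and per (client, server) pair."""
    per_client, per_pair = Counter(), Counter()
    for client, server, _path in url_events(lines):
        per_client[client] += 1
        per_pair[(client, server)] += 1
    return per_client, per_pair


if __name__ == "__main__":
    clients, pairs = summarize(SAMPLE_LOG.splitlines())
    for client, count in clients.most_common():
        print(f"{client}: {count} URL requests")
    for (client, server), count in pairs.most_common():
        print(f"  {client} -> {server}: {count}")
```

Because the functions take any iterable of lines, an open file object for the syslog daemon's log can be passed in directly and is read one line at a time, which matters when the file is very large.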
    
