[fw-wiz] RE: Router Internet Monitoring

From: George Peek (GKPeek_at_AllstateTicketing.com)
Date: 09/04/03

  • Next message: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] tests about latency"
    To: 'rogue' <rogue@nocdemon.net>, George Peek <GKPeek@AllstateTicketing.com>
    Date: Thu, 4 Sep 2003 12:21:53 -0700
    
    

    Problem with Pix is it is logging literally everything, hence we have
    multiple DMZs.. for frame, dial-up, internet, internal, etc. I have not
    fully explored filtering, we use Kiwi Syslog Daemon for logging but the file
    grows extremely huge. In the future, SQL solution (which it supports) will
    be implemented but for now I need something live to monitor.

    Can you use the Cisco Pix Device Manager to filter the log?

    -----Original Message-----
    From: rogue [mailto:rogue@nocdemon.net]
    Sent: Thursday, September 04, 2003 9:29 AM
    To: George Peek
    Cc: 'security-basics@securityfocus.com'; 'owen@delong.com';
    'firewall-wizards@honor.icsalabs.com'
    Subject: Re: Router Internet Monitoring

    if you tell your PIX to log to a syslog server and ramp up the PIX logging
    to informational youll see every URL connection made from withinyour
    network.

    -rogue

    On Wed, 3 Sep 2003, George Peek wrote:

    > This may be a bit offtopic, if so please excuse me. I am looking for a
    > solution to monitor the live traffic (i.e. incoming/outgoing traffic,
    incl.
    > able to determine what url the user is going to) on our Cisco 2620.
    Freeware
    > would be great, linux solution is ok. I don't want to use a network
    capture
    > utility such as sniffer, fluke or iris. Pix has the device manager which
    > comes in handy. I can enable logging via SNMP, but it is text based, a GUI
    > utility that will sort that information would be very cool.
    >
    > Thank You,
    > George Peek
    >
    >
    ---------------------------------------------------------------------------
    > Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
    > October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
    > technical IT security event. Modeled after the famous Black Hat event in
    > Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
    > Symantec is the Diamond sponsor. Early-bird registration ends September
    6.Visit us: www.blackhat.com
    >
    ----------------------------------------------------------------------------
    >

    -- 
    ==================
    rogue@nocdemon.net
           	     {\o0|
    ==================
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] tests about latency"