[fw-wiz] RE: Router Internet Monitoring
From: Dave (update_at_dsrtech.com)
Date: 09/05/03
- Previous message: TSimons_at_Delphi-Tech.com: "RE: [fw-wiz] tests about latency"
- In reply to: George Peek: "RE: Router Internet Monitoring"
- Next in thread: Brian Recore: "RE: [fw-wiz] RE: Router Internet Monitoring"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: George Peek <GKPeek@AllstateTicketing.com> Date: Thu, 04 Sep 2003 18:57:30 -0400
George,
You can enable debugging logging to syslog and then exclude which
messages you will not want to see with the command
"no logging message <msg number>"
example "no logging message 305012"
Then you can filter your syslog with grep by interface.
Note this will show all url traffic to all interfaces/dmz(s) and yes
this will load up your syslog file.
I would recommend a tool called "IPAudit-Web". This makes an excellent
tracking tool. http://ipaudit.sourceforge.net/ipaudit-web/
I understand you don't want to capture all traffic but this tool is an
excellent resource at my shop and you could span a switch port off the
dmz you wished to monitor.
Good luck to you.
Dave
On Thu, 2003-09-04 at 15:21, George Peek wrote:
> Problem with Pix is it is logging literally everything, hence we have
> multiple DMZs.. for frame, dial-up, internet, internal, etc. I have not
> fully explored filtering, we use Kiwi Syslog Daemon for logging but the file
> grows extremely huge. In the future, SQL solution (which it supports) will
> be implemented but for now I need something live to monitor.
>
> Can you use the Cisco Pix Device Manager to filter the log?
>
> -----Original Message-----
> From: rogue [mailto:rogue@nocdemon.net]
> Sent: Thursday, September 04, 2003 9:29 AM
> To: George Peek
> Cc: 'security-basics@securityfocus.com'; 'owen@delong.com';
> 'firewall-wizards@honor.icsalabs.com'
> Subject: Re: Router Internet Monitoring
>
>
>
> if you tell your PIX to log to a syslog server and ramp up the PIX logging
> to informational you'll see every URL connection made from within your
> network.
>
> -rogue
>
> On Wed, 3 Sep 2003, George Peek wrote:
>
> > This may be a bit offtopic, if so please excuse me. I am looking for a
> > solution to monitor the live traffic (i.e. incoming/outgoing traffic, incl.
> > able to determine what url the user is going to) on our Cisco 2620. Freeware
> > would be great, linux solution is ok. I don't want to use a network capture
> > utility such as sniffer, fluke or iris. Pix has the device manager which
> > comes in handy. I can enable logging via SNMP, but it is text based, a GUI
> > utility that will sort that information would be very cool.
> >
> > Thank You,
> > George Peek
> >
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
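The grep-by-interface filtering suggested in the reply above, as an added example that is not part of the original thread. The log lines are constructed, the function names are hypothetical, and the example assumes that the URL message (304001) carries only the client address and no interface name, so URL lines are tied to an interface through addresses seen in that interface's connection lines.

```shell
#!/bin/sh
# Constructed sample lines approximating PIX syslog output (not real traffic).
sample_log() {
cat <<'EOF'
Sep 04 18:40:01 pix1 %PIX-6-305012: Teardown dynamic TCP translation from inside:10.1.1.20/3312 to outside:203.0.113.5/40211 duration 0:00:31
Sep 04 18:40:02 pix1 %PIX-6-302013: Built outbound TCP connection 8841 for outside:198.51.100.7/80 (198.51.100.7/80) to inside:10.1.1.20/3313 (203.0.113.5/40212)
Sep 04 18:40:02 pix1 %PIX-5-304001: 10.1.1.20 Accessed URL 198.51.100.7:/index.html
Sep 04 18:40:03 pix1 %PIX-6-302013: Built outbound TCP connection 8842 for outside:198.51.100.9/80 (198.51.100.9/80) to dmz1:172.16.1.8/2201 (203.0.113.6/40213)
Sep 04 18:40:03 pix1 %PIX-5-304001: 172.16.1.8 Accessed URL 198.51.100.9:/updates/list.txt
EOF
}

# pix_filter IFACE [MSGID...]
# Keep lines that name IFACE, then drop the listed message IDs. This is the
# syslog-side equivalent of "no logging message <msg number>" on the PIX.
pix_filter() {
    iface=$1; shift
    drop=$(printf '%s|' "$@"); drop=${drop%|}
    grep -F -- " ${iface}:" |
        if [ -n "$drop" ]; then grep -Ev "%PIX-[0-7]-(${drop}):"; else cat; fi
}

# pix_urls_for_iface IFACE
# A plain grep for the interface name misses URL lines, because (as assumed
# here) they name only the client address. Collect addresses logged as
# IFACE:addr/port, then print "client url" for URL lines from those clients.
pix_urls_for_iface() {
    awk -v ifc="$1" '
        {
            for (i = 1; i <= NF; i++)
                if (index($i, ifc ":") == 1) {
                    addr = substr($i, length(ifc) + 2)
                    sub(/\/.*/, "", addr)      # strip the /port suffix
                    seen[addr] = 1
                }
        }
        /%PIX-[0-7]-304001:/ {
            for (i = 3; i <= NF; i++)
                if ($i == "URL" && ($(i - 2) in seen))
                    print $(i - 2), $(i + 1)
        }'
}
```

Run it against a saved log with `pix_urls_for_iface dmz1 < pix.log`, where `pix.log` stands in for your syslog file.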