RE: [fw-wiz] (no subject)
From: Wes Noonan (mailinglists_at_wjnconsulting.com)
Date: 03/23/04
To: "'Hilal Hussein'" <hilalma@hotmail.com>, <firewall-wizards@honor.icsalabs.com>
Date: Tue, 23 Mar 2004 08:48:28 -0600
You can filter in the PIX dropping logging of mundane things like
"connection permitted" since you have to explicitly allow a connection. You
can do this with the "no logging message" command.
I prefer Kiwi Syslog for logging. It allows you to do everything that you
have specified, plus you can set it up to alert as well as use it to
generate a hash on the log that you can use to ensure log integrity. The
filtering capabilities are very robust and you can configure it to archive
every hour for example. About the only complaint I have with Kiwi is that it
isn't web enabled so you can't view it from a remote workstation unless you
run it in terminal services for example. I'm told there are some third party
plugins for it that provide that functionality however (haven't had time to
mess with it myself).
HTH
Wes Noonan
mailinglists@wjnconsulting.com
http://www.wjnconsulting.com
Hardening Network Infrastructure - A concise how to guide
Available Spring 2004
Order at http://tinyurl.com/2nof4
> -----Original Message-----
> From: firewall-wizards-admin@honor.icsalabs.com [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Hilal Hussein
> Sent: Tuesday, March 23, 2004 02:42
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] (no subject)
>
>
> Dear List,
>
> I have a Cisco PIX firewall that is sending its log data to a Cisco syslog
> server (Windows XP workstation).
> It is working fine with me since it is a service, so I will be sure that it
> is running whenever the server is up and running.
>
> But I have two questions concerning this syslog:
> 1 - the log files are too big since every file contains the whole day's logs,
> and since the file size is about 400 + Mb, I am not able to open it. Kindly,
> is there any third-party utility which I can use to manage (open, check,
> filter, ....) the log files of the Cisco syslog?
>
> 2 - is there any other syslog server which could work with the Cisco PIX
> firewalls, and which is a service and NOT an application?
>
> Your fast response is highly appreciated,
>
> with regards,
> Hilal
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
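The workflow discussed in this thread (drop mundane connection messages, archive per hour, keep a hash of each archive), as an added example that is not part of the original messages and is not Kiwi Syslog's or Cisco's code. The timestamp prefix, the set of message IDs treated as mundane, the output file names, the function names and the use of SHA-256 are all assumptions; the sample lines are constructed.

```python
import hashlib
import os
import re

# PIX syslog tag: %PIX-<severity>-<six-digit message id>:
PIX_TAG = re.compile(r"%PIX-(\d)-(\d{6}):")
# Assumed collector prefix "Mon DD YYYY HH:MM:SS"; adjust to your own layout.
STAMP = re.compile(r"^(\w{3}) +(\d{1,2}) (\d{4}) (\d{2}):\d{2}:\d{2}")
# Connection built/teardown messages, treated here as mundane (illustrative choice).
MUNDANE_IDS = {"302013", "302014", "302015", "302016"}

# Constructed sample input, not taken from a real firewall.
SAMPLE = [
    "Mar 23 2004 08:15:02 pix1 %PIX-6-302013: Built outbound TCP connection 1001 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/1025 (10.0.0.5/1025)",
    'Mar 23 2004 08:15:09 pix1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4431 dst inside:10.0.0.5/135 by access-group "outside_in"',
    'Mar 23 2004 09:02:11 pix1 %PIX-4-106023: Deny udp src outside:198.51.100.7/53 dst inside:10.0.0.9/1434 by access-group "outside_in"',
    "garbled line without a timestamp",
]

def split_and_hash(lines, out_dir, drop_ids=MUNDANE_IDS):
    """Stream lines (works on a 400 MB file object), return ({file: sha256}, dropped)."""
    files, dropped = {}, 0  # hour key -> (open handle, running SHA-256)
    try:
        for line in lines:
            tag = PIX_TAG.search(line)
            if tag and tag.group(2) in drop_ids:
                dropped += 1
                continue
            stamp = STAMP.match(line)
            # Lines that do not parse are kept in their own file, never discarded.
            key = "{2}-{0}-{1:0>2}_{3}h".format(*stamp.groups()) if stamp else "unparsed"
            if key not in files:
                path = os.path.join(out_dir, f"pix_{key}.log")
                files[key] = (open(path, "wb"), hashlib.sha256())
            handle, digest = files[key]
            data = line.rstrip("\r\n").encode("utf-8") + b"\n"
            handle.write(data)
            digest.update(data)
    finally:
        for handle, _ in files.values():
            handle.close()
    return {f"pix_{k}.log": d.hexdigest() for k, (_, d) in files.items()}, dropped

def verify(out_dir, digests):
    """Re-hash each hourly archive; return the names whose content changed."""
    bad = []
    for name, expected in digests.items():
        with open(os.path.join(out_dir, name), "rb") as fh:
            if hashlib.sha256(fh.read()).hexdigest() != expected:
                bad.append(name)
    return bad
```

Keep the returned digests somewhere other than the log directory; a digest stored beside the file it covers can be rewritten together with it.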