[fw-wiz] Syslog monitoring and usage.

From: Chad Thomsen (chad.thomsen_at_bramespecialty.com)
Date: 07/12/04

    To: <firewall-wizards@honor.icsalabs.com>
    Date: Mon, 12 Jul 2004 13:54:07 -0400
    
    

    I am trying to learn the ins and outs of using Syslog. I am at my
    second job where I have installed and configured another Pix, but have
    never really got into Syslog. I am currently using KIWI syslog daemon.
    I would like to better find out what the messages mean, and how to track
    down port scans, and other security related issues that syslog may
    reveal. To sum it up I want to be able to have a good understanding of a
    log file that comes from a Pix.

    Sorry for such a n00b question as I am really starting to dig into
    network security.

    Thanks,

    Chad Thomsen, MCSE, CCNA

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

