[fw-wiz] Syslog montioring and usage.

From: Chad Thomsen (chad.thomsen_at_bramespecialty.com)
Date: 07/12/04

Next message: Mircea MITU: "Re: [fw-wiz] Multiple MAC address on one interface"

Previous message: Rogan Dawes: "Re: [fw-wiz] Multiple MAC address on one interface"
Next in thread: Chris Todd: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Chris Todd: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Marcus J. Ranum: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Josh Welch: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Greg Skouby: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Ng Pheng Siong: "Re: [fw-wiz] Syslog montioring and usage."
Maybe reply: Melson, Paul: "RE: [fw-wiz] Syslog montioring and usage."
Maybe reply: Brian Ford: "Re: [fw-wiz] Syslog montioring and usage."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Mon, 12 Jul 2004 13:54:07 -0400

I am trying to learn the ins and outs of using Syslog. I am at my
second job where I have installed and configure another Pix, but have
never really got into Syslog. I am currently using KIWI syslog daemon.
I would like to better find out what the messages mean, and how to track
down port scans, and other security related issues that syslog may
reveal. To sum it up I want to be able to have a good understanding of a
log file that comes form a Pix.

Sorry for such a n00b question as I am really starting to dig into
network security.

Thanks,

Chad Thomsen, MCSE, CCNA

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Mircea MITU: "Re: [fw-wiz] Multiple MAC address on one interface"

Previous message: Rogan Dawes: "Re: [fw-wiz] Multiple MAC address on one interface"
Next in thread: Chris Todd: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Chris Todd: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Marcus J. Ranum: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Josh Welch: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Greg Skouby: "Re: [fw-wiz] Syslog montioring and usage."
Reply: Ng Pheng Siong: "Re: [fw-wiz] Syslog montioring and usage."
Maybe reply: Melson, Paul: "RE: [fw-wiz] Syslog montioring and usage."
Maybe reply: Brian Ford: "Re: [fw-wiz] Syslog montioring and usage."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: where should I start? help!
... you could also use the syslog feature in any *NIX system ... Plus there are tons of log analyzers for ... from your PIX to the listening device. ... and you can have more than one logging host system if need be. ...
(Security-Basics)
Re: [fw-wiz] Syslog montioring and usage.
... While the PIX doesn't have a "port scan" syslog message it does log what it ... source IP address of the packets, as well as the protocol and port the ...
(Firewall-Wizards)
RE: [fw-wiz] pix 501 logging question
... it's a deny, right?), which would lead to more syslog data from persistent ... log level for access-list logging is 6, but if you can see one you should ... You don't need to force the PIX to log these denials, ... access-list inbound permitted tcp outside/205.206.xxx.xxx-> ...
(Firewall-Wizards)
RE: [fw-wiz] Syslog montioring and usage.
... front of the pix so I can see how well it is doing. ... together a list of PIX syslog messages that IMO deserve "special" ... > Cisco publishes the definitions of all of the syslog messages that can ... > be generated by a PIX firewall: ...
(Firewall-Wizards)
Syslog host and logging configuration
... If the PIX can't talk with the syslog server, how can i configure the pix ... This error means that you are doing "reliable TCP syslog" to a PIX ... Firewall Syslog Server software on a Windows NT system and that the ...
(comp.security.firewalls)