Re: [fw-wiz] Syslog montioring and usage.

From: Ng Pheng Siong (ngps_at_netmemetic.com)
Date: 07/14/04

  • Next message: Melson, Paul: "RE: [fw-wiz] Syslog montioring and usage."
    To: Chad Thomsen <chad.thomsen@bramespecialty.com>
    Date: Wed, 14 Jul 2004 06:59:15 +0800
    
    

    On Mon, Jul 12, 2004 at 01:54:07PM -0400, Chad Thomsen wrote:
    > I would like to better find out what the messages mean, and how to track
    > down port scans, and other security related issues that syslog may
    > reveal. To sum it up I want to be able to have a good understanding of a
    > log file that comes form a Pix.

    Your Cisco PIX docu set contains a PDF file entitled, "Cisco PIX Firewall
    System Log Messages." Check that out.

    On tracking down port scans, you may want to look at SnortSam and its PIX
    plugin. Essentially, SnortSam is a clone of Checkpoint FW-1's Suspicious
    Activity Monitor (SAM), wherein dynamic firewall rules may be
    created/destroyed in response to, um, suspicious activities. ;-)

        http://www.snortsam.net

    Cheers.

    -- 
    Ng Pheng Siong <ngps@netmemetic.com> 
    http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control 
    http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Melson, Paul: "RE: [fw-wiz] Syslog montioring and usage."