Re: [fw-wiz] Syslog montioring and usage.
From: Ng Pheng Siong (ngps_at_netmemetic.com)
To: Chad Thomsen <email@example.com> Date: Wed, 14 Jul 2004 06:59:15 +0800
On Mon, Jul 12, 2004 at 01:54:07PM -0400, Chad Thomsen wrote:
> I would like to better find out what the messages mean, and how to track
> down port scans, and other security related issues that syslog may
> reveal. To sum it up I want to be able to have a good understanding of a
> log file that comes form a Pix.
Your Cisco PIX docu set contains a PDF file entitled, "Cisco PIX Firewall
System Log Messages." Check that out.
On tracking down port scans, you may want to look at SnortSam and its PIX
plugin. Essentially, SnortSam is a clone of Checkpoint FW-1's Suspicious
Activity Monitor (SAM), wherein dynamic firewall rules may be
created/destroyed in response to, um, suspicious activities. ;-)
-- Ng Pheng Siong <firstname.lastname@example.org> http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog _______________________________________________ firewall-wizards mailing list email@example.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards